Accuracy and security of personal information

53.28 Credit reporting agencies and credit providers have obligations to ensure the accuracy and security of personal information in their possession or control. Credit reporting agencies and credit providers are required to take reasonable steps to ensure that:

  • personal information in a file or report is ‘accurate, up-to-date, complete and not misleading’;

  • the file or report is protected against ‘misuse’ including ‘unauthorised access, use, modification or disclosure’; and

  • if an agency or credit provider gives the file or report to a person in connection with the provision of a service to the agency or credit provider, it must ‘prevent unauthorised use or disclosure of personal information contained in the file or report’.[45]

53.29 Credit reporting agencies and credit providers are prohibited from disclosing to anyone a false or misleading credit report. If an agency or provider intentionally contravenes this provision, it is liable for a fine of up to $75,000.[46]

[45]Privacy Act 1988 (Cth) s 18G.

[46] Ibid s 18R.