53.1 This chapter provides an overview of the credit reporting provisions of the Privacy Act 1988 (Cth). Part IIIA of the Privacy Act contains the substantive provisions that regulate credit reporting. Some provisions dealing with the scope and application of the credit reporting provisions are located elsewhere in the Act. In addition, the Act empowers the Privacy Commissioner to issue a binding Code of Conduct.[1] A Credit Reporting Code of Conduct came into effect on 24 September 1991.

53.2 The chapter first considers the people and information covered by the credit reporting provisions. How personal information may be used and disclosed in the credit reporting process, and how the Act provides for rights of access and correction for individuals in relation to their personal information are summarised. The chapter then considers the relationship between Part IIIA of the Act and the National Privacy Principles (NPPs).[2]

53.3 The chapter also describes the responsibilities and powers of the Office of the Privacy Commissioner (OPC) with regard to credit reporting[3] and the remedies and penalties in the event of non-compliance with the credit reporting provisions.[4]

53.4 Finally, this chapter sets out in detail how the Privacy Act permits and restricts the transfer of personal information in credit reporting. The diagram below is a summary of the main data flows under the present regulation of credit reporting.

[1]Privacy Act 1988 (Cth) ss 18A, 18B.

[2] The NPPs are located in Ibid sch 3.

[3] The powers and responsibilities of the OPC generally are discussed in Part F.

[4] The remedies and penalties available under the Privacy Act generally also are discussed in Part F.