‘Negative’ information

56.23 The permitted content of credit information files and credit reports includes a range of ‘negative’ information. Stakeholders raised a number of concerns about permitted content relating to: small overdue payments; dishonoured cheques; bankruptcy and similar information; and serious credit infringements.

Small overdue payments

56.24 Section 18E(1)(b)(vi) permits the inclusion in credit information files of information about credit where the individual is at least 60 days overdue in making a payment and the credit provider has taken steps to recover the amount outstanding.

56.25 The credit reporting provisions do not provide for any minimum amount in respect of debts that may be listed, except in the case of presented and dishonoured cheques (discussed below). Veda Advantage, however, currently only lists debts over $100 and credit providers generally do not object to such a limit.

56.26 Some stakeholders expressed concerns about the listing of small debts, including by telecommunications companies. In particular, the consequences of listing small debts far outweigh the gravity of the conduct— especially as many small debts are said to be related to problems with billings systems, billing errors and change of address notification.[18]

56.27 The extent to which small debts are predictive of future default is relevant to the desirability of imposing a minimum amount for the listing of overdue payments. Research conducted by Dun and Bradstreet, which focuses on telecommunications debts, claims to show that individuals who default on low value amounts (ie, amounts below $500) or non-bank credit are at higher risk of defaulting on larger amounts provided under more traditional credit arrangements.[19] Research by Dun and Bradstreet is also said to show that individuals ‘defaulting on utilities and telecommunications debt are more than five times more likely to default on other credit products’.[20]

56.28 In DP 72, the ALRC proposed that credit reporting agencies should only be permitted to list overdue payments of more than a minimum amount.[21] The ALRC also asked whether the new Privacy (Credit Reporting Information) Regulations should prescribe this amount and, if not, how a minimum amount should be set and enforced.[22]

56.29 A wide cross-section of stakeholders supported the proposal to set a minimum amount.[23] Some considered that, rather than being set by the new regulations, the minimum amount should be included in a credit reporting code,[24] or in an industry agreement.[25] A range of figures, from the existing $100 to $1,000, was suggested as an appropriate minimum.[26]

56.30 ARCA agreed that the reporting of overdue payments should be subject to a minimum, and that this limit should be incorporated in a credit reporting code, reviewed from time to time by a policy committee.[27] Similarly, Veda Advantage submitted:

The Regulations should impose an obligation to collect and share data according to the regulations and the Code. But the Code rather than the Regulations should set the minimum amount for overdue payments. It should be enforced as part of the data standards of the industry. Breaches of the Code can be dealt with by the industry, but if persistent or serious, would be dealt with by the Privacy Commissioner under the Civil Penalty provisions.[28]

56.31 The AFC submitted a minimum amount should be

applied through subscriber agreements between the credit provider and agency rather than subject to a Regulation … it is essential for credit providers to have a complete picture of the credit history of the individual including their propensity for paying debt that may be evidenced by the listing of relatively small overdue amounts. The agency is in the best position to track appropriate minimum levels and react to shift the level to reflect the current market as and when required.[29]

56.32 The Law Society of New South Wales agreed with the proposal only to list overdue payments over a certain amount, but also emphasised the importance of industry input into the process of determining the amount.

Factors such as the volume of credit provided, the emergence of further forms of credit and the abilities of individuals to service credit are important for determining a suitable minimum amount for listing of overdue payments and the form in which the minimum amount should be expressed.[30]

56.33 Legal Aid Queensland considered that the minimum should be set at $500 and indexed against the Consumer Price Index. It noted that because ‘consumers cannot access mainstream lending for any purposes if they have a default’, the minimum of $100 proposed by industry ‘does not properly balance the severe detriment caused by a small listing’.[31]

56.34 In contrast, the Australian Credit Forum noted that ‘unpaid smaller debts can be a realistic guide of an individual’s ability or intention to meet obligations and should be allowed to be taken into account in any credit risk assessment’.[32] The Tasmanian Collection Service (a credit reporting agency) referred to a ‘continued need’ to collect information on small debts, particularly as a debt recovery mechanism.[33]

56.35 Telstra, Optus and AAPT stressed that any increase in the current minimum amount for listing overdue payments would have a disproportionate impact on the telecommunications industry, as many telecommunications debts are small.[34] Some stakeholders, including AAPT, were opposed to any mandatory minimum.[35] AAPT stated:

Whilst such a proposal may be appropriate in some industries, it is not possible in the telecommunications sector. The telecommunications industry is a highly competitive industry and there is a well known and understood risk that consumers regularly run up small debts with multiple suppliers and switch between the different suppliers on a regular basis.[36]

ALRC’s view

56.36 Different views were expressed by industry and consumer groups about the benefits and problems involved in reporting small debts. Consumer groups focused on the disproportionate consequences of reporting small overdue payments, while credit providers highlighted the significance of small debts in relation to credit risk assessment.

56.37 There is significant support, nevertheless, from both industry and consumer stakeholders for the imposition of some minimum amount for the reporting of overdue payments. While there were differing views on the mechanism for imposing a limit, the ALRC recommends that the new Privacy (Credit Reporting Information) Regulations should provide for a prescribed minimum amount for overdue payment listings. This amount should be set following further consultation on the content of the new regulations. A valid alternative would be to leave the question to self-regulation by credit providers and credit reporting agencies, with consumer group input, through the credit reporting code.

56.38 In addition, some of the problems caused by the listing of small overdue payments can be addressed by other mechanisms, such as improved data quality and complaint-handling processes. The inclusion of repayment performance information in credit reporting information, as recommended by the ALRC,[37] may also mean that smaller defaults play a less significant role in credit assessment.

Recommendation 56-2 The new Privacy (Credit Reporting Information) Regulations should provide that credit reporting agencies are not permitted to list overdue payments of less than a prescribed amount.

Dishonoured cheques

56.39 Section 18E(1)(b)(vii) of the Privacy Act permits the listing on credit information files of information that is a record of a twice presented and dishonoured cheque for an amount of not less than $100. In DP 72, the ALRC proposed that the Privacy (Credit Reporting Information) Regulations not permit credit reporting information to include information about presented and dishonoured cheques.[38]

56.40 Industry stakeholders generally opposed this proposal.[39] ARCA submitted that the ability to report dishonoured cheques should be retained for the benefit of responsible lending, as ‘it is highly predictive information in the case of repeated dishonours’.[40]

56.41 Similarly, the AFC stated that

this subset of information relating to cheques is highly predictive information in the case of repeated dishonours. If the issue is the integrity of the database in relation to this information, we submit that the focus should be on improving the quality of the provision of this type of information. [41]

56.42 Other stakeholders, including the OPC and the Banking and Financial Services Ombudsman agreed that the listing of presented and dishonoured cheques should be prohibited.[42] Nigel Waters of the Cyberspace Law and Policy Centre stated that:

If it were determined, and widely known, that dishonoured cheques are ‘credit’, there is the potential for almost any individual or organisation to be a ‘credit provider’ and gain access to [credit information files]. This would allow a major expansion of consumer credit reporting well beyond the relatively constrained limits, and beyond the policy objectives of the legislation.[43]

ALRC’s view

56.43 The credit reporting system is based on the reporting of individuals’ histories in relation to ‘credit’. That term is defined in the Privacy Act to mean a ‘loan’.[44] A loan includes an arrangement under which full payment for goods and services is not made.[45] It is doubtful whether payment for goods or services by cheque would constitute ‘credit’.

56.44 This does not, of course, dispose of the issue because other content permitted expressly under Part IIIA includes items that are not ‘credit’—such as court judgments and bankruptcy orders.[46] These items, however, are generally publicly available information.

56.45 The listing of presented and dishonoured cheques is anomalous and should no longer be permitted. In practice, dishonoured cheques are rarely listed with credit reporting agencies[47] and are increasingly irrelevant as a payment mechanism,[48] so this should not constitute any significant change to the existing credit reporting system.

Recommendation 56-3 The new Privacy (Credit Reporting Information) Regulations should not permit credit reporting information to include information about presented and dishonoured cheques.

Personal insolvency information

56.46 Section 18E(1)(b)(ix) of the Privacy Act permits information about ‘bankruptcy orders made against the individual’ to be included in credit information files. The Act does not define the term ‘bankruptcy order’ and the term is not used in bankruptcy legislation.

56.47 Under the Bankruptcy Act 1966 (Cth), a person may become bankrupt upon the making of a sequestration order by the Federal Court following the presentation of a creditors’ petition.[49] However, bankruptcy does not always require the making of an order against an individual. For example, bankruptcy can occur following the acceptance of a debtors’ petition by the Official Receiver.[50] The Bankruptcy Act also provides, as alternatives to bankruptcy, debt agreements under Part IX and personal insolvency agreements under Part X.

56.48 A number of stakeholders suggested that the term ‘bankruptcy order’ should be clarified.[51] The AFC, for example, referred to an increase in the incidence of Part IX debt agreements.[52] While it recognised that ‘a debt agreement has different connotations to a bankruptcy order insofar as it reflects a different attitude of a customer towards the repayment of their debt’, the AFC recommended that

either the definition of bankruptcy order be amended or a new definition of Part IX & Part X information be included in the Act to clarify that debt agreement and Part X personal insolvency agreement information can be included on a customer’s credit information file.[53]

56.49 The Insolvency and Trustee Service Australia (ITSA) stated that, in practice, credit reporting agencies and credit providers interpret this term as including voluntary arrangements under Part IX and Part X, as well as bankruptcy proper.[54] The arguments against reporting debt agreements include that debtors should be encouraged to enter into debt agreements and an incentive for doing so is that some of the public ‘stigma’ of personal insolvency will be ameliorated. On the other hand:

A debt agreement can be used only by a debtor who is insolvent and is a formal insolvency administration under the bankruptcy legislation which allows the debtor’s debts to be compromised. This means creditors are paid less than the full amount of their debts and this information should be available to all creditors in the future.[55]

56.50 ITSA concluded that the ‘policy reasons which support the public notification of bankruptcy … apply equally to debt agreements’ and that if one aim of credit reporting is to ensure that ‘fewer persons face financial difficulties’ then reporting of debt agreements should be supported. ITSA also expressed concerns about the accuracy and completeness of personal insolvency information recorded on credit reports, if credit reporting agencies do not fully report individuals’ insolvency status.[56]

ALRC’s view

56.51 The term ‘bankruptcy orders’ does not appear to reflect all the types of personal insolvency administration available under the Bankruptcy Act. In addition to bankruptcies, including voluntary debtor’s petitions and deceased estates administered in bankruptcy, the Bankruptcy Act provides for voluntary arrangements with creditors under Part IX and Part X and post-bankruptcy administration.[57]

56.52 All these forms of administration are currently recorded on the National Personal Insolvency Index (NPII).[58] The NPII is the source of bankruptcy information collected by credit reporting agencies.[59] Credit reporting information should be permitted to include all categories of information available on the NPII. Such information is important in credit risk assessment and, in practice, credit providers rely on obtaining this from credit reporting agencies rather than directly from the NPII.[60]

56.53 In DP 72, the ALRC proposed that the new Privacy (Credit Reporting Information) Regulations should permit credit reporting information to include personal insolvency information recorded on the NPII; and that credit reporting agencies, in accordance with obligations to ensure the accuracy and completeness of credit reporting information, should ensure that credit reports adequately differentiate the forms of administration identified on the NPII.[61] These proposals met with general acceptance from stakeholders[62] and are confirmed in the recommendations set out below.

Recommendation 56-4 The new Privacy (Credit Reporting Information) Regulations should permit credit reporting information to include personal insolvency information recorded on the National Personal Insolvency Index administered under the Bankruptcy Regulations 1966 (Cth).

Recommendation 56-5 Credit reporting agencies should ensure that credit reports adequately differentiate the forms of administration identified on the National Personal Insolvency Index (NPII); and accurately reflect the relevant information recorded on the NPII, as updated from time to time.

Serious credit infringements

56.54 Section 18E(1)(b)(x) permits the inclusion in credit information files of the ‘opinion of a credit provider that the individual has … committed a serious credit infringement’. A serious credit infringement is defined as an act done by a person:

(a) that involves fraudulently obtaining credit, or attempting fraudulently to obtain credit; or

(b) that involves fraudulently evading the person’s obligations in relation to credit, or attempting fraudulently to evade those obligations; or

(c) that a reasonable person would consider indicates an intention, on the part of the first‑mentioned person, no longer to comply with the first‑mentioned person’s obligations in relation to credit.[63]

56.55 A serious credit infringement listing has more serious consequences for the individual concerned than other default listings—not least because such a listing may remain on the record for seven years, as compared to five years for most other negative information.

56.56 At the same time, listing a serious credit infringement under s 18E(1)(b)(x)(c) is not subject to the pre-conditions that apply to listing an overdue payment. That is, for an overdue payment to be listed on a credit information file, an individual must be 60 days overdue in making a payment, and the credit provider must have taken recovery action.[64]

56.57 The Credit Reporting Code of Conduct provides some guidance on what constitutes a serious credit infringement.[65] The Code states, for example, that what could reasonably be considered an intention on the part of an individual no longer to comply with credit obligations may include:

  • the individual has stopped making payments under a credit agreement/contract or breached it in some other serious way, and the credit provider has made reasonable efforts to contact the individual either in person or in writing, but has been unsuccessful in establishing contact, or

  • the credit provider has made contact with the individual and the individual has unlawfully refused to meet his or her credit obligations by resuming payments, or

  • the individual does not comply with the terms of a debt judgment.[66]

56.58 There are concerns about the interpretation of the current definition.[67] In DP 72, the ALRC asked whether the Privacy (Credit Reporting Information) Regulations should allow for the listing of a ‘serious credit infringement’ or similar event and, if so, how this concept should be defined.[68] Industry and consumer stakeholders supported retaining some concept of a ‘serious credit infringement’.[69] Differing views remained on how the definition should be drafted.

56.59 The practice of listing a serious credit infringement against individuals who cannot be found by a credit provider (‘clearouts’), without further inquiry, was criticised by consumer and privacy advocates.[70] Legal Aid Queensland observed:

Often when people move they disconnect utility services and then realise often months later that they have not received a final bill or because of time lags in billing believe they have finalised the account or because they have reconnected with the same service provider cannot understand why any outstanding accounts relating to the old address are not sent to the new address. In those circumstances a serious credit infringement is listed against the consumer. The other significant issue is that credit providers list a serious credit infringement against consumers who challenge the validity of the debt in its entirety or challenge that there is a default in payment.[71]

56.60 Consumer groups and others submitted that a narrow definition of ‘serious credit infringement’ is desirable and, in particular, that the concept should be limited to conduct that is fraudulent.[72] The Cyberspace Law and Policy Centre, for example, stated that

there should be no direct replication of the item (c) from s 18E(1)(b)(x)—‘reasonable suspicion’ is too subjective. We further suggest that authority to list serious credit infringements should be contingent on membership of an approved EDR scheme … [73]

56.61 Other stakeholders supported placing some obligation on credit providers to make reasonable efforts to contact the individual concerned.[74] ARCA submitted, for example, that a ‘serious credit infringement’ should mean

an act done by a person that a reasonable person would consider indicates an intention, on the part of the first-mentioned person, no longer to comply with the first person’s obligations in relation to credit and the provider has made an effort to contact the consumer.[75]

56.62 The Australian Credit Forum stated that such listings are not made frequently because of concerns about ‘misinterpretation or uncertainty’.[76] It submitted:

Greater precision in the definition together with limitation of the liability of the listing party where it operated in good faith, or its actions to list were reasonable in the circumstances, may assist overcome this shortcoming.[77]

56.63 The OPC submitted that the definition of serious credit infringement should include individuals who are deemed to be acting with intent not to comply with their credit obligations, including those individuals who are ‘clearouts’. The OPC submitted that it should issue guidance setting out the criteria that would need to be satisfied before a serious credit infringement may be listed, including:

(a) How to define ‘serious’ (for example, has an overdue payment already been listed?);

(b) Whether there needs to be a minimum timeframe in terms of days in default or a ‘monetary threshold’ before a serious credit infringement could be listed;

(c) The positive obligations on credit providers and individuals towards proving/disproving that a serious credit infringement has occurred;

(d) Whether there should be a restriction on listing a serious credit infringement where there is a dispute between the parties that is in the process of being resolved;

(e) A requirement for a notice to be issued to the individual’s last known address advising them that a serious credit infringement is to be listed against them.[78]

ALRC’s view

56.64 The ALRC is not convinced that the concept of a serious credit infringement should be limited to conduct that is fraudulent, as suggested by some stakeholders. Credit providers have a legitimate interest in sharing information about the conduct of individuals that falls short of fraud—for example, where an individual deliberately avoids contact with a credit provider in order to evade his or her financial responsibilities.

56.65 Valid concerns remain, however, about the breadth of the current definition of a serious credit infringement. Currently, the definition is open to differing interpretations and has led to different practices governed by the internal policies of credit providers. The provision should at least require that, where conduct is not fraudulent, a credit provider must have taken reasonable steps to contact the individual before reporting a serious credit infringement.

56.66 It is not clear that the provision can be improved further by more detailed drafting. The solution to problems concerning the interpretation of the definition of ‘serious credit infringement’ lies in the provision of guidance for credit providers by the OPC or industry groups, or both. Some concerns about the serious credit infringement provision may be addressed, at least in part, by other changes to the regulation of credit reporting recommended in Chapters 58 and 59. A number of recommendations are intended, for example, to promote consistency and accuracy in reporting and improve complaint-handling and dispute resolution processes.

Recommendation 56-6 The new Privacy (Credit Reporting Information) Regulations should allow for the listing of a ‘serious credit infringement’ based on the definition currently set out in s 18E(1)(b)(x) of the Privacy Act, amended so that the credit provider is required to have taken reasonable steps to contact the individual before reporting a serious credit infringement under s 18E(1)(b)(x)(c).

Recommendation 56-7 The Office of the Privacy Commissioner should develop and publish guidance on the criteria that need to be satisfied before a serious credit infringement may be listed, including:

(a) how to interpret ‘serious’ (for example, in terms of the individual’s conduct, and the period and amount of overdue payments);

(b) how to establish whether reasonable steps to contact the individual have been taken;

(c) whether a serious credit infringement should be listed where there is a dispute between the parties that is subject to dispute resolution; and

(d) the obligations on credit providers and individuals in proving or disproving that a serious credit infringement has occurred.

Publicly available information

56.67 The credit reporting provisions regulate some categories of publicly available information, but not others. The definition of a ‘credit reporting business’ excludes businesses or undertakings that maintain records ‘in which the only personal information relating to individuals is publicly available information’.[79] On the other hand, the permitted content of a credit information file does not include ‘publicly available information’—although some permitted items may be publicly available, such as bankruptcy and court judgment information.

56.68 The appropriateness of regulating some categories of publicly available information under Part IIIA, but not others, has been questioned. For example, if a credit reporting agency holds publicly available information about court judgments in separate records—rather than in credit information files—the information can be retained indefinitely as there are no specified time limits for retention under general privacy principles. If governed by Part IIIA, the information would have to be deleted five years after the judgment was made.[80]

56.69 In DP 72, the ALRC proposed that the new Privacy (Credit Reporting Information) Regulations should permit credit reporting information to include publicly available information.[81] This proposal received broad, but qualified, support from stakeholders.[82] It may, however, have been understood in different ways by stakeholders, given that the permitted content of credit information files already includes some categories of publicly available information.

56.70 Some industry stakeholders considered that, while publicly available information should be included in credit reporting information, it should not necessarily be regulated in the same way as credit reporting information, or subject to the new Privacy (Credit Reporting Information) Regulations. ARCA and others, for example, expressed concern that publicly available information should not be regulated as credit reporting information by virtue simply of being held by a credit reporting agency.[83]

56.71 The AFC opposed the proposal and submitted that

credit reporting information should not be defined to include publicly available information (eg bankruptcy information, default judgment information). We do not see the outcome of this being that a credit reporting agency cannot collect and distribute this information to credit providers, but that its handling by these entities would be subject to the broader UPPs. Given the statutory framework for the creation and regulation of the entity collecting and distributing the information (eg generally government agencies like ITSA, ASIC) and the statutory privacy protections that apply to this handling, we see no reason for applying a higher standard of collection than the UPPs. The credit reporting agency effectively [acts] as a conduit between the government agency and the requesting entity.[84]

56.72 Other stakeholders also addressed issues arising from the possible inclusion of publicly available information in credit reporting information. The Cyberspace Law and Policy Centre submitted that publicly available information ‘whether held in credit information files or separately, should be regulated by the credit reporting Regulations if and when it is brought together with other information for the purposes of a credit report’.[85]

56.73 The OPC agreed that the new regulations should permit credit reporting information to include publicly available information, but noted that not all publicly available information is relevant for credit reporting purposes. The OPC submitted that ‘the categories of publicly available information that will be permitted content in the credit reporting system should be set out as an exhaustive list’ in the regulations.[86]

56.74 Legal Aid Queensland submitted that publicly available information provided by a credit reporting agency to a credit provider for the purpose of assessing an individual’s credit worthiness should fall within the definition of ‘credit reporting information’. This would ensure that individuals can challenge the relevance of the information, and that information is deleted after the expiry of the maximum permissible periods set out in credit reporting regulation.[87]

ALRC’s view

56.75 Where publicly available information is used in consumer credit reporting, it is appropriate that privacy interests in respect of this information are fully protected by, for example, the application of the special rights of access and correction that apply to credit reporting information, and complaint-handling mechanisms.

56.76 The existing categories of publicly available information permitted under s 18E—bankruptcy (personal insolvency) and court judgment information—should be included in the list of permitted content of credit reporting information under the new Privacy (Credit Reporting Information) Regulations.

56.77 No case has been made for the inclusion of other categories of publicly available information in credit reporting information. The new regulations, therefore, should not permit credit reporting information to include all publicly available information, as proposed in DP 72.[88]

56.78 As discussed in Chapter 54, the new Privacy (Credit Reporting Information) Regulations should ensure that publicly available information maintained by a credit reporting agency is covered by credit reporting regulation only where the information is maintained ‘in the course of carrying on a credit reporting business’. As is presently the case, a credit reporting agency should be able to conduct other business undertakings using publicly available or other personal information that it holds, subject to compliance with the UPPs and other obligations under the Privacy Act.

[18] Consumer Credit Legal Centre (NSW) Inc, Submission PR 28, 6 June 2006; Telecommunications Industry Ombudsman, Submission PR 221, 8 March 2007.

[19] Dun & Bradstreet Australasia, ‘Low Value Defaults are a High Risk Equation’ (2006) 5 Consumer Credit Reporting 2.

[20] J Phillips, ‘Non-bank Debt Defaulters Likely to Reoffend’, The Sheet, 27 September 2007.

[21]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 52–2.

[22]Ibid, Question 52–1.

[23]Australian Privacy Foundation, Submission PR 553, 2 January 2008; National Legal Aid, Submission PR 521, 21 December 2007; Consumer Action Law Centre, Submission PR 510, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Veda Advantage, Submission PR 498, 20 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; Banking and Financial Services Ombudsman, Submission PR 471, 14 December 2007; Telstra Corporation Limited, Submission PR 459, 11 December 2007; Law Society of New South Wales, Submission PR 443, 10 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australian Finance Conference, Submission PR 398, 7 December 2007; Financial Counsellors Association of Queensland, Submission PR 371, 30 November 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007; Mortgage and Finance Association of Australia, Submission PR 344, 19 November 2007.

[24] GE Money Australia, Submission PR 537, 21 December 2007; Veda Advantage, Submission PR 498, 20 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007.

[25] Australian Credit Forum, Submission PR 492, 19 December 2007; Australian Finance Conference, Submission PR 398, 7 December 2007.

[26] For example: $100: Optus, Submission PR 532, 21 December 2007; Telstra Corporation Limited, Submission PR 459, 11 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; $200: Australian Privacy Foundation, Submission PR 553, 2 January 2008; Consumer Action Law Centre, Submission PR 510, 21 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; $500: National Legal Aid, Submission PR 521, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Banking and Financial Services Ombudsman, Submission PR 471, 14 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007; Telecommunications Industry Ombudsman, Submission PR 221, 8 March 2007; $1,000: Financial Counsellors Association of Queensland, Submission PR 371, 30 November 2007.

[27]Australasian Retail Credit Association, Submission PR 352, 29 November 2007.

[28]Veda Advantage, Submission PR 498, 20 December 2007.

[29]Australian Finance Conference, Submission PR 398, 7 December 2007.

[30]Law Society of New South Wales, Submission PR 443, 10 December 2007.

[31]Legal Aid Queensland, Submission PR 489, 19 December 2007.

[32]Australian Credit Forum, Submission PR 492, 19 December 2007.

[33] Tasmanian Collection Service, Submission PR 375, 5 December 2007.

[34]Optus, Submission PR 532, 21 December 2007; Telstra Corporation Limited, Submission PR 459, 11 December 2007.

[35]Australian Collectors Association, Submission PR 505, 20 December 2007; Insurance Council of Australia, Submission PR 485, 18 December 2007; Tasmanian Collection Service, Submission PR 375, 5 December 2007.

[36]AAPT Ltd, Submission PR 338, 7 November 2007.

[37] See Rec 55–2.

[38]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 52–3.

[39] Veda Advantage, Submission PR 498, 20 December 2007; Australian Credit Forum, Submission PR 492, 19 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australian Finance Conference, Submission PR 398, 7 December 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007. The Law Society of New South Wales submitted that dishonoured cheques should be able to be reported in repeat cases: Law Society of New South Wales, Submission PR 443, 10 December 2007.

[40]Australasian Retail Credit Association, Submission PR 352, 29 November 2007. GE Money agreed with the ARCA position: GE Money Australia, Submission PR 537, 21 December 2007.

[41]Australian Finance Conference, Submission PR 398, 7 December 2007.

[42] Australian Privacy Foundation, Submission PR 553, 2 January 2008; National Legal Aid, Submission PR 521, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; Banking and Financial Services Ombudsman, Submission PR 471, 14 December 2007; Financial Counsellors Association of Queensland, Submission PR 371, 30 November 2007.

[43] N Waters—Cyberspace Law and Policy Centre UNSW, Submission PR 277, 3 April 2007

[44] See Privacy Act 1988 (Cth) s 6(1), definition of ‘credit’.

[45] See Ibid s 6(1), definition of ‘loan’.

[46] Ibid s 18E(1)(viii)–(ix).

[47]Galexia Pty Ltd, Submission PR 465, 13 December 2007; Financial Counsellors Association of Queensland, Submission PR 371, 30 November 2007.

[48]Galexia Pty Ltd, Submission PR 465, 13 December 2007.

[49] See Bankruptcy Act 1966 (Cth) pt IV, s 43(2).

[50] See Ibid pt IV, s 55(4A).

[51] Australian Finance Conference, Submission PR 294, 18 May 2007; Office of the Privacy Commissioner, Submission PR 281, 13 April 2007; N Waters—Cyberspace Law and Policy Centre UNSW, Submission PR 277, 3 April 2007; Australian Privacy Foundation, Submission PR 275, 2 April 2007; Consumer Action Law Centre, Submission PR 274, 2 April 2007; Min-it Software, Submission PR 236, 13 March 2007; Insolvency and Trustee Service Australia, Submission PR 235, 12 March 2007.

[52] Approximately 6,500 new debt agreements were made between 1 July 2006 and 30 June 2007, compared with just under 5,000 debt agreements in the 2005–06 financial year: P Ruddock (Attorney-General), ‘Amendments to Support Debt Agreements Commence’ (Press Release, 9 July 2007).

[53] Australian Finance Conference, Submission PR 294, 18 May 2007.

[54] Insolvency and Trustee Service Australia, Submission PR 235, 12 March 2007.

[55] Ibid.

[56] Ibid.

[57] See, Bankruptcy Act 1966 (Cth) pt VI, div 6.

[58] The NPII is established and maintained in accordance with the Bankruptcy Regulations 1996 (Cth) pt 13.

[59] The content of searches on the NPII will ordinarily show: type of administration or proceeding; date of administration or proceeding; identification number; full name and alias of debtor; address of debtor; date of birth of debtor; occupation and business name of debtor; name of trustee or controlling trustee; particulars of any prior or subsequent listing; the end date of the administration: Insolvency and Trustee Service Australia, National Personal Insolvency Index (2007) <www.itsa.gov.au> at 5 May 2008.

[60] Office of the Privacy Commissioner, Submission PR 281, 13 April 2007.

[61]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposals 52–4, 52–5.

[62]Australian Privacy Foundation, Submission PR 553, 2 January 2008; GE Money Australia, Submission PR 537, 21 December 2007; Australian Collectors Association, Submission PR 505, 20 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Veda Advantage, Submission PR 498, 20 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; HBOS Australia, Submission PR 475, 14 December 2007; Law Society of New South Wales, Submission PR 443, 10 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australian Finance Conference, Submission PR 398, 7 December 2007; Financial Counsellors Association of Queensland, Submission PR 371, 30 November 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007; Mortgage and Finance Association of Australia, Submission PR 344, 19 November 2007.

[63]Privacy Act 1988 (Cth) s 6(1).

[64] Ibid s 18E(1)(vi).

[65] Office of the Federal Privacy Commissioner, Credit Reporting Code of Conduct (1991), [62]–[65].

[66] Ibid, [65].

[67] Australian Finance Conference, Submission PR 294, 18 May 2007; Office of the Privacy Commissioner, Submission PR 281, 13 April 2007; N Waters—Cyberspace Law and Policy Centre UNSW, Submission PR 277, 3 April 2007; Australian Privacy Foundation, Submission PR 275, 2 April 2007; Consumer Action Law Centre, Submission PR 274, 2 April 2007; National Legal Aid, Submission PR 265, 23 March 2007; Banking and Financial Services Ombudsman Ltd, Submission PR 263, 21 March 2007; Consumer Credit Legal Centre (NSW) Inc, Submission PR 255, 16 March 2007; Consumer Credit Legal Centre (NSW) Inc, Credit Reporting Research Report (2007), rec 29; MasterCard Worldwide, Submission PR 237, 13 March 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 232, 9 March 2007.

[68]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Question 52–2.

[69]Australian Privacy Foundation, Submission PR 553, 2 January 2008; GE Money Australia, Submission PR 537, 21 December 2007; National Legal Aid, Submission PR 521, 21 December 2007; Consumer Action Law Centre, Submission PR 510, 21 December 2007; Australian Collectors Association, Submission PR 505, 20 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Australian Credit Forum, Submission PR 492, 19 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; Insurance Council of Australia, Submission PR 485, 18 December 2007; HBOS Australia, Submission PR 475, 14 December 2007; Telstra Corporation Limited, Submission PR 459, 11 December 2007 National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Mortgage and Finance Association of Australia, Submission PR 344, 19 November 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007. Some stakeholders suggested no change to the current definition was required: Australian Collectors Association, Submission PR 505, 20 December 2007; Telstra Corporation Limited, Submission PR 459, 11 December 2007.

[70] See, eg, Legal Aid Queensland, Submission PR 489, 19 December 2007; Australian Privacy Foundation, Submission PR 275, 2 April 2007; Consumer Action Law Centre, Submission PR 274, 2 April 2007; Consumer Credit Legal Centre (NSW) Inc, Submission PR 255, 16 March 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 232, 9 March 2007.

[71]Legal Aid Queensland, Submission PR 489, 19 December 2007.

[72] Australian Privacy Foundation, Submission PR 553, 2 January 2008; National Legal Aid, Submission PR 521, 21 December 2007; Consumer Action Law Centre, Submission PR 510, 21 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; Mortgage and Finance Association of Australia, Submission PR 344, 19 November 2007; Banking and Financial Services Ombudsman Ltd, Submission PR 263, 21 March 2007.

[73] Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007. Also Australian Privacy Foundation, Submission PR 553, 2 January 2008.

[74]Banking and Financial Services Ombudsman, Submission PR 471, 14 December 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007; Consumer Credit Legal Centre (NSW) Inc, Submission PR 255, 16 March 2007; Consumer Credit Legal Centre (NSW) Inc, Credit Reporting Research Report (2007), rec 29–30.

[75]Australasian Retail Credit Association, Submission PR 352, 29 November 2007 (emphasis added). The ARCA position was supported explicitly by other stakeholders: eg, GE Money Australia, Submission PR 537, 21 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007.

[76]Australian Credit Forum, Submission PR 492, 19 December 2007.

[77]Ibid.

[78]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[79]Privacy Act 1988 (Cth) s 6(1). Part IIIA provides that credit reporting agencies and credit providers may disclose information contained in a record ‘in which the only personal information relating to individuals is publicly available information’: see Privacy Act 1988 (Cth) ss 18K(1)(k), 18N(9) definition of ‘report’.

[80]Privacy Act 1988 (Cth) s 18F(2)(e).

[81]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 52–6.

[82] Australian Privacy Foundation, Submission PR 553, 2 January 2008; GE Money Australia, Submission PR 537, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; HBOS Australia, Submission PR 475, 14 December 2007; Law Society of New South Wales, Submission PR 443, 10 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007; Mortgage and Finance Association of Australia, Submission PR 344, 19 November 2007.

[83]Australasian Retail Credit Association, Submission PR 352, 29 November 2007; GE Money Australia, Submission PR 537, 21 December 2007.

[84]Australian Finance Conference, Submission PR 398, 7 December 2007.

[85]Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007. See also Australian Privacy Foundation, Submission PR 553, 2 January 2008.

[86]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[87]Legal Aid Queensland, Submission PR 489, 19 December 2007.

[88]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 52–6.