56.8 There was no call for removing regulation dealing specifically with the permitted content of credit reporting information and leaving the matter to be governed by the model UPPs. Any such move would create uncertainty about the scope of information that may be ‘necessary’ to assess credit risk or for other functions or activities of credit reporting agencies or credit providers. Some credit providers did suggest, however, that new rules dealing with the permitted content of credit reporting information should be contained in a code of conduct, rather than in the new Privacy (Credit Reporting Information) Regulations.
56.9 In this context, the Australasian Retail Credit Association (ARCA) proposed that—while the regulations should restrict credit reporting information to that relevant to the primary purpose of the credit reporting system—permitted content should be governed by a code of conduct ‘to ensure sufficient flexibility is maintained to meet the needs of a more rapidly changing credit environment’. The Australian Finance Conference (AFC) commented that rather than be fixed in law, ‘credit report content should be left to be negotiated by the stakeholders on the basis of known consequences’.
56.10 In the ALRC’s view, the permitted content of credit reporting information should continue to be prescribed by regulation. This approach is consistent with the overall approach to reform, under which the credit reporting provisions of the Privacy Act are repealed and regulations promulgated to impose obligations on credit reporting agencies and credit providers with respect to the handling of credit reporting information.
56.11 The ALRC recommends that, as is presently the case under Part IIIA of the Privacy Act, the new Privacy (Credit Reporting Information) Regulations should prescribe an exhaustive list of the categories of personal information that are permitted to be included in credit reporting information. This should be based on the provisions of s 18E of the Privacy Act, subject to the changes recommended in this Report.
56.12 The specific permitted content of credit reporting information has, however, been subject to a range of comment and criticism. This is discussed below, with reference to different categories of content. The issue of more comprehensive reporting is discussed in Chapter 55.
Recommendation 56-1 The new Privacy (Credit Reporting Information) Regulations should prescribe an exhaustive list of the categories of personal information that are permitted to be included in credit reporting information. This list should be based on the provisions of s 18E of the Privacy Act, subject to the changes set out in Recommendations 55–1, 55–2, 56–2 to 56–4, 56–6, 56–8 and 56–9.