Data security
58.97 The ‘Data Security’ principle in the model UPPs provides that an agency or organisation must take reasonable steps to:protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure; anddestroy or render non-identifiable personal information if it is no longer needed for any purpose for which it can …
Publications
Read moreDeletion of credit reporting information
58.107 The ‘Data Security’ principle provides that an agency or organisation must take reasonable steps to ‘destroy or render non-identifiable personal information if it is no longer needed for any purpose for which it can be used or disclosed under the UPPs and retention is not required or authorised by or under law’.58.108 Part IIIA, …
Publications
Read moreRegulating data quality
58.5 The ‘Data Quality’ principle in the model UPPs and the data quality obligations in Part IIIA[4] are similar. The ‘Data Quality’ principle, therefore, may be considered adequate to cover credit reporting information without the need for separate provisions in the new Privacy (Credit Reporting Information) Regulations. 58.6 There are, however, some important differences between …
Publications
Read moreData quality issues
58.14 Consumer groups and regulators have identified ongoing problems with the data quality of credit reporting information. Other stakeholders also provided perspectives on the extent and nature of data quality problems in the credit reporting system. This chapter highlights a number of specific issues concerning data quality before discussing means to ensure and improve data …
Publications
Read more‘Pre-screening’
57.74 There was industry support for the idea that, notwithstanding a prohibition on direct marketing, credit providers should be able to use credit reports to ‘exclude’ individuals from direct marketing offers, for example, to increase credit limits or refinance loans (‘pre-screening’).[75]Application of the Privacy Act57.75 While it is clear that Part IIIA of the Privacy …
Publications
Read moreIdentity verification
57.129 Credit providers and other businesses have statutory obligations to verify the identity of their customers, including under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act).[130] One possible source of data for electronic identity verification is credit reporting information held by credit reporting agencies. The use and disclosure of credit reporting information …
Publications
Read moreIdentity theft
57.176 In this Inquiry, the ALRC examined whether credit reporting regulation should provide expressly for the problem of identity theft—the theft or assumption by a person of the pre-existing identity of another person.[183] For example, credit reports might be permitted to contain information that the individual concerned has been the subject of identity theft.[184]57.177 In …
Publications
Read moreDisclosure of reports relating to credit worthiness
57.190 Section 18N applies to information contained in ‘reports relating to credit worthiness’.[208] Section 18N(9) provides that a ‘report’ is defined, for the purposes of the section, as:(a) a credit report; or(b) … any other record or information, whether in a written, oral or other form, that has any bearing on an individual’s credit worthiness, …
Publications
Read moreUse and disclosure
57.2 Under the ‘Use and Disclosure’ principle in the model UPPs, an agency or organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:(a) both of the following apply: (i) the secondary purpose is related to the primary purpose of …
Publications
Read moreUse and disclosure of credit reporting information
57.10 In the Discussion Paper, Review of Australian Privacy Law (DP 72), the ALRC observed that Part IIIA prescribes more than fifty different circumstances in which the use or disclosure of personal information is authorised.[5] As the categories of permitted use and disclosure are exhaustive, all other uses or disclosures of personal information are prohibited. …
Publications
Read more