From 12 March 2014, under Part IIIA of the Privacy Act, a credit provider must be a member of an EDR scheme recognised under the Privacy Act to be able to participate in the credit reporting system.
Commercial lenders and businesses who are not already in a consumer credit EDR scheme will be required to join an EDR scheme.
Credit providers, as defined in s 6G of the Privacy Act, includes a bank, an entity where a substantial part of its business is provision of credit, a retailer that issues a credit card in connection with sale of goods or supply of services, a supplier which provides credit in relation to sale of goods or supply of services where repayment of credit is deferred for at least 7 days and a lessor who provides credit in connection with hiring, leasing or renting of goods and credit is in force for at least 7 days.
The Information Commissioner has published the conditions that must be met by EDR schemes to be recognised under the Privacy Act, its approach to existing EDR schemes and when it will allow the EDR scheme to deal with a privacy-related credit complaint rather than the OAIC.
Only credit providers who are licensees under Chapter 3 of the National Consumer Credit Protection Act or prescribed by the Regulations and mortgage insurers will be able to access the repayment history information
