Privacy (Credit Reporting) Code changes

The acting Australian Information Commissioner and acting Privacy Commissioner has announced that they have approved a variation of the registered Privacy (Credit Reporting) Code 2014 Version 1.2. The variations are proposed to commence on 1 July 2018.

The variation was approved following an application by the Australian Retail Credit Association (ARCA).

The CR Code is a mandatory code that binds credit providers and credit reporting bodies. A breach of the CR Code is a breach of the Privacy Act.

In summary, the variation amends:

  • the definition of ‘month’ for the purposes of reporting repayment history information (RHI) (para 1.2(g)(i));
  • certain categories in the definition of the ‘maximum amount of credit available’ (para 6.2(b));
  • the definition of ‘the day credit is terminated or otherwise ceases to be in force’ (para 6.2(c)–(e));
  • the application of a ‘grace period’ to the disclosure of RHI (para 8.2(c));
  • notification requirements, providing that notices under s 21D of the Privacy Act may be sent to an individual’s last known address, which may include an electronic address (para 9.3(d));
  • the timing of issuing a notice under section 21D of the Privacy Act (para 9.3(f));
  • the prohibition on a credit reporting body developing a ‘tool’ to facilitate a credit provider’s direct marketing, to extend to a ‘service’ (para 18.1(b));
  • certain mechanisms for correcting information (para 20.9(b)).
Print Friendly, PDF & Email
 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.