The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), amends the Privacy Act 1988 (Cth) and comprehensively reforms the credit reporting system in Australia.

Under the reforms, due to commence on 12 March 2014, ‘credit providers’ must:

  • have a clearly expressed and up to date policy with prescribed information about how they manage credit related information;
  • implement practices, procedures and systems to comply with their credit reporting obligations;
  • be aware of the limitations if intending to disclose credit information to ‘credit reporting bodies’ (such as Veda);
  • become a member of an external dispute resolution scheme if disclosing credit information to credit reporting bodies; and
  • be aware of the requirements under the Credit Reporting Code of Conduct (CR Code), which operates alongside the obligations under the Act.

One important aspect of the reforms is that ‘credit providers’ will now include entities that supply to individuals on credit or defer payment for goods or services for more than seven days which means the new requirements will apply to most ‘non-cash’ businesses. This extends the scope of entities subject to the reforms beyond the ‘traditional’ credit providers such as banks and other financiers.

Credit providers will also have access to more information when receiving credit reports from credit reporting bodies, as the system moves to a more ‘positive system’ by including information such as repayment history and other details that provide a fuller picture than the previous negative reporting system.

A new definition of ‘consumer credit’ will also be introduced to include credit provided in connection with residential property for investment purposes.

To prepare for the reforms, credit providers should:

  • update their policies and procedures;
  • update their privacy statements in their credit applications, especially if conducting credit checks on sole traders and guarantors;
  • seek advice on their obligations to comply with the reforms and the CR Code; and
  • review any arrangements with credit reporting bodies and be aware of the new requirements when disclosing information to these bodies.

The credit reporting obligations operate in conjunction with the Australian Privacy Principles. Click here to read about the obligations under the Australia Privacy Principles.