Positive credit reporting and new Australian Privacy Principles commence on 14 March 2014.  This is the first of several ‘Privacy Primers’ Gadens intends to publish leading up to commencement. 

Credit Reporting Code

In Edition 1 of the Privacy Primers, we discuss ARCA and the Credit Reporting Code.

ARCA is the industry association for organisations involved in the provision, sharing and application of credit reporting data in Australia and New Zealand.  

ARCA has published a draft Credit Reporting Code of Conduct at the request of the Privacy Commissioner.  Submissions on the draft code must be made to ARCA before 5 May 2013.    You can access the press release here and a copy of the draft Credit Reporting Code here.

Once finalised, the new Code of Conduct will replace the existing Code of Conduct.

The Code aims to:

  • ensure the new credit reporting regime is workable from an industry perspective;
  • address industry concerns about the interpretation of new terms and definitions;
  • create “safe harbors” when disclosures are made by credit providers; and
  • outline how credit providers must deal with complaints - all credit providers, including commercial credit providers, will need to be a member of an external dispute resolution scheme.

Credit providers are encouraged to comment on the draft code, particularly in relation to:

  • the development of a ‘unique identifier’ for each credit account to ensure that an accurate picture of credit is obtained by the credit provider;
  • the definition of complex terms such as ‘consumer credit liability information’; and
  • changes to default listings from the amount owed at the time of payment to the amount owning at the date of listing.

The Code will be binding on credit providers and credit reporting bodies and other entities such as mortgage insurers.  Breaching the code can mean a penalty of up to $1,700,000.

It’s envisaged that lenders will participate on a ‘what you give is what you get’ basis.  So, lenders who provide only default information to credit reporting agencies will only receive default information.

What you need to do

Lenders and credit intermediaries (brokers, servicers, mortgage managers etc) will need to amend their Privacy Policy and Privacy Consent.