The Privacy Amendment (Enhancing Privacy Protection) Act 2012 introduces changes that require all credit providers to sign up to an External Dispute Resolution scheme.

Credit providers who intend to use credit reports after 12 March 2014 will need to be a member of an External Dispute Resolution scheme.

A credit provider will only be able to disclose credit information to a credit reporting body if they are a member of an External Dispute Resolution (EDR) scheme that has been recognised by the Privacy Commissioner.

Any organisation that provides credit as a substantial part of its business, as well as those businesses that provide credit in connection with the sale of goods or services will be required to sign up to an EDR scheme. 

Unlike under the National Credit Code, where only providers of regulated credit are required to be members of EDR, membership of an EDR scheme under the Privacy Act does not differentiate between consumer credit providers, who will already be familiar with compulsory EDR schemes, and commercial lenders.

This is an increase in the regulatory burden for commercial lenders and lessors.

The privacy amendments require the Privacy Commissioner to recognise an EDR scheme under s.35A of the Privacy Amendment (Enhancing Privacy Protection) Act (Cth) 2012.The Privacy Commissioner will release a final version of the guidelines for recognising EDRs in August, after the consultation period ends. 

To avoid regulation creep credit providers who do not provide any consumer credit may consider joining a standalone recognised EDR scheme rather than an existing EDR.