Preview
Archived Posts Lists

Australian Regulatory Compliance Review
Australian Technology and IP Business
Credit Union and Mutual Law
National Consumer Credit Reform
Personal Property Securities Australia
Longview Business Insights
Australian Private Health Insurers
Wills, Trusts, Super
Mutuals Resource Centre

 Resources

Commonwealth legislation
Corporate Governance
Not-for-Profit links
Regulator Links

May 2, 2013

OAIC’s Guide to Information Security

The Office of the Australian Information Commissioner (OAIC) has published a final version of its Guide to Information Security: ‘Reasonable steps’ to protect personal information.

The Australian Privacy Commissioner, Timothy Pilgrim, said that 100% of the high profile investigations he completed in 2011–12 involved data security issues.

Information security obligations for businesses are contained in the National Privacy Principles, the credit reporting provisions in the Privacy Act and the Tax File Number Guidelines.

The guide provides guidance on information security, specifically the reasonable steps entities are required to take under the Privacy Act to protect the personal information they hold.

It provides examples of steps and strategies which may be reasonable for an entity to take.

This could include taking steps and implementing strategies to manage the following:
• governance
• ICT security
• data breaches
• physical security
• personnel security and training
• workplace policies
• the information life cycle
• standards
• regular monitoring and review.

The guide recommends businesses build privacy and information security measures into their processes, systems, products and initiatives at the design stage.

In the amendments that commence on 12 March 2014, the security of personal information is dealt with in APP 11. The obligations in APP 11 are similar to those in NPP/IPP 4. However, APP 11 will require an entity to take reasonable steps to protect personal information from ‘interference’ (eg hacking), as well as from misuse, loss, unauthorised access, modification or disclosure.

Langes can assist you to review your privacy policy to address information security issues.

Print This Post Print This Post

Posted 2nd May 2013 by David Jacobson in Consumer Law, National Credit Code, Privacy, Tax

April 8, 2013

Credit reporting code consultation

The Australasian Retail Credit Association (ARCA) has released for public consultation a draft of the new Credit Reporting Code of Conduct (CR Code).

If approved by the OAIC, the new CR Code will supplement the privacy protection regime set out in Part IIIA of the Privacy Act as amended in December 2012, and will replace the existing Credit Reporting Code of Conduct, that has operated since 1996. It will set out how the Privacy Act Part IIIA provisions are to be applied or complied with.

The CR Code has been designed to:

  • address expectations in Part IIIA or the Explanatory Memorandum;
  • replicate current Credit Reporting Code of Conduct obligations that continue to be relevant given that this Code will be replaced by the new CR Privacy Code;
  • make credit reporting work from a practical perspective;
  • provide some assistance to consumers to understand and interact with the new systems; and
  • address industry uncertainty as to how to interpret aspects of Part IIIA in the interests of consistency of approach within industry.

The CR Code does not encompass all aspects of Part IIIA and so compliance with the CR Code alone will not achieve full compliance with Part IIIA.

The CR Code is being released publicly so that submissions can be received from the public and stakeholder views taken into account as required by Section 26Q of the amended Privacy Act.

The public consultation process closes at 5.00pm on 5 May 2013.

It is expected the finalised draft Code will be lodged with OAIC by 1 July 2013.

Print This Post Print This Post

Posted 8th April 2013 by David Jacobson in Financial Services, National Credit Code, Privacy

February 19, 2013

Credit regulation of small business deferred

The Commonwealth Government has decided that any reforms to small business finance will be deferred. (Background)

This decision is limited to the small business reforms in Phase 2 of the consumer credit reforms.

The draft Bill’s provisions relating to credit provided for investment purposes, private lenders who provide credit contracts or consumer leases through an intermediary, short-term and indefinite term consumer leases and anti-avoidance practices will not be deferred.

Print This Post Print This Post

Posted 19th February 2013 by David Jacobson in Financial Services, National Credit Code

February 12, 2013

Final Reminder: Financial Services CPD Seminars

Our next Financial Services CPD Seminars will discuss the Privacy Act amendments relating to direct marketing and credit reporting, with separate Credit Act update sessions for marketers and collections managers.

There will also be a “core” breakfast session specifically for Responsible Managers.

Key Information
* Cost: $550 (incl GST) per person for the whole program
* All sessions bookable separately
* CPD points: 6 points
* Time: 8am – 3pm
* Location: Brisbane, Sydney, Melbourne
* Designed for: Financial Services Managers who wish to stay up to date with all the relevant financial services and credit industry regulatory changes

When and where
Brisbane: Tuesday 19 February 2013
Sydney: Wednesday 20 February 2013
Melbourne: Tuesday 26 February 2013

More information and registration

Print This Post Print This Post

Posted 12th February 2013 by David Jacobson in Compliance, Corporations Act, Financial Services, National Credit Code

December 20, 2012

Consumer credit repayment history information

Under the Privacy Amendment (Enhancing Privacy Protection) Act 2012, licensed credit providers can collect consumer credit repayment history information about individual borrowers from 12 December 2012.

Repayment history information is defined in Section 6V as:

(a) whether or not the individual has met an obligation to make a monthly payment that is due and payable in relation to the consumer credit;
(b) the day on which the monthly payment is due and payable;
(c) if the individual makes the monthly payment after the day on which the payment is due and payable—the day on which the individual makes that payment.

It does not include the amount of any missed payment — only the fact that the borrower made or missed a payment.

It could include payments on a loan or credit card.

From 12 March 2014 licenced credit providers can pass repayment history information on to credit reporting bodies.

Information about any particular payment cannot be held for more than two years from the date it was due.

Repayment history information will not include information about any payment that was due before 12 December 2012.

Print This Post Print This Post

Posted 20th December 2012 by David Jacobson in Financial Services, National Credit Code, Privacy

December 14, 2012

Privacy Amendment Act commences

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 received Royal Assent on 12 December 2012 and commenced on that day.

However the majority of the reforms (including the new credit reporting provisions) will not commence until 12 March 2014.

A transition period has now commenced enabling development of new Privacy Codes and preparation for the new credit reporting rules.

Langes can assist you in this transition.

Background

Print This Post Print This Post

Posted 14th December 2012 by David Jacobson in Financial Services, National Credit Code, Privacy

December 4, 2012

CPD Financial Services Law Seminars February 2013: registrations open

Langes+ invites you to this CPD seminar for financial services providers.

In response to feedback we have added a breakfast session for Responsible Managers and a session dealing with Privacy (including the new Australian Privacy Principles and credit reporting) which will be relevant to both marketers and collections staff.

The seminar will cover all the ‘must-know’ rules and traps for each topic. Topics are selected for their relevance and contain practical case studies and examples with time allowed for discussion.

We look forward to seeing you.

PROGRAM

Session 1 (bookable separately)
8am to 9.45 am Introduction to Responsible Managers’ duties (including light breakfast from 7.30am)

Session 2
10 am to 11am Marketing issues:
advertising credit and financial services, dealing with referrers and linked credit

Session 3
11.15 am to 1pm Privacy Act changes (including changes affecting marketing and credit reporting)

Light lunch

Session 4 Collections issues
1.45 pm to 3pm Credit enforcement update: hardship, mortgagee sales and resolving EDR Complaints

When and where
Brisbane 19 February 2013
Sydney 20 February 2013
Melbourne 26 February 2013
Adelaide 27 February 2013

Fees
Whole Program: $550.00 (incl GST)
$495 if you pay by 31 January 2013
$467.50 per person if 3 or more attend from same organisation
OR
All sessions bookable separately
Session 1 $200 (incl GST) ($180 if paid by 31 January 2013)
Sessions 2, 3 and 4 $165 each (incl GST) ($148.50 each if paid by 31 January 2013)

Register now
Brisbane
Sydney
Melbourne
Adelaide

Print This Post Print This Post

Posted 4th December 2012 by David Jacobson in Compliance, Corporations Act, Financial Services, Marketing, National Credit Code, Privacy

November 29, 2012

Privacy Amendment Bill passed

The Senate amendments to the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 were agreed to by the House of Representatives on 29 November and the Bill is awaiting Royal Assent. (Background).

Although the reforms will likely commence in March 2014, on a date 15 months after Royal Assent, once the credit reporting provisions commence credit providers will be able to use credit information collected from the date of Royal Assent.

Civil penalties of up to 2,000 penalty units (equivalent to $340,000) are imposed for breaches of the credit reporting provisions in the Act.

If the offending entity is a body corporate the maximum penalty is 5 times the amount of the pecuniary penalty specified for the civil penalty provision (ie a maximum of $1.7million.)

You can see the Privacy Commissioner’s response here

Print This Post Print This Post

Posted 29th November 2012 by David Jacobson in Financial Services, Marketing, National Credit Code, Privacy

November 28, 2012

Privacy Bill passes Senate

The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 has been passed by the Senate, with amendments.

The Bill will now been sent back to the House of Representatives to approve the changes. UPDATE: Amendments approved by House of Reps. More here.

The commencement period of the Bill has been delayed to 15 months after Royal Assent (instead of 9 months).

A number of these amendments respond to the recommendations of the Senate Legal and Constitutional Affairs Legislation Committee’s (the Committee) report into the Bill.

Apart from technical clarifications the changes:

  • Specify that at least 14 days must elapse from the giving of a written notice before a default is recorded as part of an individual’s credit reporting information
  • allow mortgage insurers, who are not credit licensees, to access repayment history information.
  • insert additional matters that must be contained in a credit provider’s policy.
  • insert additional notification obligations which a credit provider must satisfy at, or as soon as practicable after, the collection of information.

Langes will be working with clients to help with the transition.

Background
The Bill amends the Privacy Act to:
• Create the Australian Privacy Principles (APPs), a single set of privacy principles applying to both Commonwealth agencies and private sector organisations, which replace the Information Privacy Principles (IPPs) for the public sector and the National Privacy Principles (NPPs) for the private sector
• Introduce more comprehensive credit reporting with improved privacy protections, at the same time updating the provisions to more effectively address the significant developments in the operation of the credit reporting system since the provisions were first enacted in 1990
• Introduce new provisions on privacy codes and the credit reporting code (called the CR code), including powers for the Commissioner to develop and register codes in the public interest that are binding on specified agencies and organisations; and
• Clarify the functions and powers of the Privacy Commissioner and improve the Commissioner’s ability to resolve complaints, recognise and encourage the use of external dispute resolution services, conduct investigations and promote compliance with privacy obligations.

Print This Post Print This Post

Posted 28th November 2012 by David Jacobson in National Credit Code, Privacy

July 24, 2012

Reminder: Responsible Manager seminars

Time is running out to register for our next Responsible Manager seminars in August 2012.

The seminars will discuss:

  • preparing for an ASIC compliance audit
  • advertising issues
  • specific issues relevant to responsible managers of both AFS licensees and credit licensees
  • the proposed credit enhancements and the credit card changes.

They will be practical and interactive.

Key Information
* Cost: $385 (incl GST) per person
* CPD points: 3 points
* Time: 9am – 12:30 noon (registration 8:30am)
* Location: Brisbane, Sydney, Melbourne, Adelaide
* Designed for: Responsible Managers who wish to stay up to date with all the relevant finance industry regulatory news

When and where
Brisbane: Tuesday 21 August 2012
Sydney: Wednesday 22 August 2012
Melbourne: Tuesday 28 August 2012
Adelaide: Wednesday 29 August 2012

Register online now

Brisbane

Sydney

Melbourne

Adelaide

For more information contact David Jacobson.

Print This Post Print This Post

Posted 24th July 2012 by David Jacobson in Compliance, Financial Services, National Credit Code
Older Posts »