The Office of the Australian Information Commissioner (OAIC) has published a FAQ setting out its views on the notice required to be given to individuals before their repayment history information can be collected and disclosed as a result of amendments to the Privacy Act made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
In part it states:
“Prior to the commencement of the reforms, a credit provider that collects repayment history information (RHI) that it intends to disclose to a credit reporting body (CRB) after commencement should, at a minimum, comply with the notification requirements in National Privacy Principle (NPP) 1 (Collection). For example, the credit provider should notify the individual at or before the time of collection of the RHI that the credit provider will disclose that information to CRBs from March 2014; see NPP 1.3(d).
There is also an argument that, from commencement, a credit provider cannot disclose RHI to a CRB unless it has, to the extent possible, met the notification requirements in s 21C of Schedule 2 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012. The OAIC, therefore, recommends that credit providers also meet the additional notification requirements in s 21C. For example, by notifying the individual of the name and contact details of any CRB to which the credit provider is likely to disclose the individual’s RHI; see s 21C(1)(a).”
We will be discussing notification and transition issues at our February seminars.
Print This Post
Posted 29th January 2013 by David Jacobson in Financial Services, Privacy