Privacy (Credit Reporting) Code 2014
The submission to the Office of the Information Commission's (OAIC) review in to the Privacy (Credit Reporting) Code 2014 (Code) was prepared by the Privacy Law Committee of the Business Law Section.
The Committee notes the significance of the Code as a key legislative instrument regulating the conduct of credit providers (CPs) and credit reporting businesses (CRBs) as they use and disclose this class of highly regulated personal information for credit risk and related processes. CPs and CRBs must comply with the Code as a breach of the Code is an 'interference with privacy' (section 13(2)(b)) and may expose the respective CRB or CP to some of the higher sanctions available under the Privacy Act 1988 (Act) (including the civil penalty provisions).
The Committee appreciates that many of the Issues nominated as items for review are, by their nature, highly operational and are directly linked to various credit risk specific processes. We have therefore confined our comments to a number of legal issues or themes, namely:
a) the interaction of the Code and the Act, as an instrument passed pursuant to the Act;
b) changes, if made, would represent a departure from current law or practice and appear to be inadvertent or require further deliberation and testing so as to minimise negative or unintended consequences; and
c) matters as noted in the Code review that overlap with other legal developments.
For brevity and consistency, we have simply referred to the issues as numbered and articulated by PwC in the Issues Paper as dated 20 September 2017 (the Paper).
You can read the full submission below.