Chapter 9

Chapter 9



9.1        The Exposure Draft contains a range of new definitions. The committee has already commented on the complexity of some of these definitions in chapter 3 of this report. The following discussion covers issues raised by submitters about specific definitions.

Definitions contained in section 180

Consumer credit liability information

9.2        The consumer credit liability information definition refers to certain information, including the name of the provider, and the type of consumer credit, where a credit provider provides credit to an individual. This information includes four of the five new data sets.

9.3        The Communications Alliance commented that the provision of some consumer credit liability information may result in added complexity for telecommunications companies, for example, if the type of credit account requires detailed explanations such as a post-paid mobile service, a home phone service, or an internet service rather than simply specifying that a telecommunications service has been provided. Other matters which will require clarification for telecommunications companies include when an account for a telecommunications service is considered to be 'opened', for example, upon the application being approved, when the SIM card is activated (for a mobile service), upon first use, etc. Similarly, information on when an account is considered to be 'closed' requires clarification as many telecommunications services can be 'deactive' or unused for some months before actually being disconnected or having the telephone number or email address cancelled.[1]

9.4        The Communications Alliance also noted that information on a credit limit is problematic for most telecommunications services as there are no 'credit limits' as such. Instead, telecommunications customers have access to a vast range of different products, services, pricing plans and spend control tools. In addition, a 'credit limit' as used in the banking and financial sectors, indicates a cut-off point where additional 'credit' is no longer available to customers. This does not currently exist with post-paid telecommunications services (although pre-paid services do function in this way).[2]

Court proceedings information

9.5        The Consumer Credit Legal Service WA (CCLSWA) commented that there was ambiguity in the definition of 'court proceedings information'. The CCLSWA noted that in Western Australia, summonses are routinely listed on consumers' credit information files. This appears to occur only in Western Australia. The CCLSWA pointed to cases where the listing of summonses has had a significant impact on consumers' ability to obtain credit even though their liability has not been established. In addition, the CCLSWA noted a summons remains on a credit information files for four years even if proceedings are discontinued or the claim is unsuccessful. This listing prevents consumers with summons on their credit information file from obtaining credit regardless of whether a claim is successful.

9.6        The CCLSWA voiced concern that the definition will allow the continuation of this practice: the inclusion of 'information about a judgment' in the definition could be interpreted widely to include the originating summons, as currently appears to be the case. The CCLSWA argued that summonses should be precluded from permitted content of credit information files.[3]

9.7        The Consumer Credit Legal Centre (NSW) (CCLC) noted that 'court proceedings information' is defined as judgments in relation to 'any credit that has been provided to, or applied for by, the individual'. CCLC was of the view that only judgments should be relevant (no other proceedings) and only those relating to 'credit'. CCLC provided the example of a dispute with a builder arising from a contract to undertake work. The dispute may be over the quality of the work, or the interpretation of the contract. In such a case, the fact that the individual loses the dispute should not be relevant to the individual's credit eligibility unless they fail to pay the judgment debt.

9.8        The CCLC concluded that to allow such information to be used 'undermines the legal rights of individuals to conduct any form of civil dispute'. For the same reason, court proceedings information that is publicly available information should not be able to be provided as part of a credit reporting information or credit report derived information supplied by a credit reporting agency.[4]

Committee comment

9.9        The committee considers that any ambiguity about the definition of 'court proceedings information' should be addressed to ensure that summonses cannot be listed on a consumer's credit information file.

Recommendation 25

9.10      The committee recommends that the definition of 'court proceedings information' be reconsidered to ensure that summonses cannot be listed on a consumer's credit information file.

Identification information

9.11      The definition of 'identification information' includes such information as full name, date of birth and sex. The only form of government identification included is a driver's licence. Some submitters argued that other data, for example a passport number, or a State-issued identification card available for those who don't or can't drive should be included. It was stated that the restriction in the definition impacts on the ability of credit reporting agencies and credit providers to meet other regulatory requirements (for example, Anti-Money Laundering and Counter Terrorism Financing Act 2006 requirements) as well as matching records supplied by various sources, thus potentially undermining the goal of providing a credit report that is 'accurate, complete, and up to date'.[5]

9.12      The Australian Finance Conference (AFC) also commented that the words 'alias or previous name' should be clarified so that, notwithstanding the provisions of the Acts Interpretation Act, it is clear that more than one alias or previous name can be included as identification information.[6]

9.13      The Australian Privacy Foundation (APF) submitted that it would be preferable for 'identification information' to be replaced with 'credit identifying information'. This would ensure that the term which is credit specific is not taken out of context and used as a precedent for other contexts.[7]

Committee comment

9.14      The committee notes that the definition of 'identification information' is based on the existing Privacy Commissioner Determinations under the Privacy Act 1988 1991 No 2 (s.18E(3)) concerning identifying particulars permitted to be included in a credit information file.[8] In relation to use of government identifiers, the committee notes that the general policy on the use of government identifiers is set out in Australian Privacy Principle 9. The committee does not consider that the use of government identifiers should include identifiers other than a drivers licence. Drivers licences are currently used for identification purposes and any expansion to include other identifiers may lead to targeting of databases for identity fraud. However, the committee considers that matters in relation to Anti-Money Laundering and Counter Terrorism Financing Act 2006 should be further investigated to ensure that the definition does not restrict entities from meeting their regulatory obligations.

Recommendation 26

9.15      The committee recommends that the definition of 'identification information' be reviewed to ensure that it does not restrict the ability of credit reporting agencies and credit providers from meeting other regulatory requirements.

Section 181 – Meaning of credit information

9.16      The meaning of credit information includes 'publicly available information about the individual'. The Office of the Australian Information Commissioner (OAIC) submitted that this should be subject to further limits. The OAIC stated it understood that this provision is to ensure that publicly available information that credit reporting agencies may be collecting (not currently captured under Part IIIA of the Privacy Act) is given adequate privacy protections. The OAIC commented:

A key privacy issue in credit reporting is the need to limit collection and sharing of personal information to that what is necessary and relevant. There needs to be a clear distinction between what is relevant to assessing eligibility for credit (and subject to additional regulation) and other information. The definition of 'credit information' may be intended to classify the limits of personal information that is relevant for CRAs to provide to credit providers to assess individuals' creditworthiness. [9]

9.17      However, the OAIC was of the view that the current scope of 'publicly available information' that may be included as 'credit information' seems broad, and its limits are unclear. In particular, the OAIC pointed to the increasing amount of personal information publicly available online, including from social networking sites. While the relevance and accuracy of such information may be doubtful (and give rise to an increasing number of complaints), it may fall within the scope of subsection (k).[10] In order to improve clarity and certainty, the OAIC recommended that additional limitations be placed on subsection (k) of the 'credit information' definition. Amendments could allow regulations, the new Credit Reporting Code, or rules issued by the Information Commissioner, to further limit its scope or specifically prescribe what publicly available information can or cannot be included as 'credit information'.

Committee comment

9.18      The committee supports amendment of subsection 181(k) to provide greater clarity and certainty for the meaning of 'publicly available information' as proposed by the OAIC.

Recommendation 27

9.19      The committee recommends that section 181 be reviewed to provide for greater clarity and certainty in the meaning of 'publicly available information' as proposed by the Office of the Australian Information Commissioner.

Section 182 – Meaning of default information

9.20      The definition of 'default information' refers to the circumstances where an individual is overdue in making a repayment relating to consumer credit or under a guarantee. The issues in relation to the meaning of default information went to the time lag in listing of a default, the inclusion of the amount of $100 in the definition and statute barred debts.

9.21      The Australasian Retail Credit Association (ARCA) commented that the meaning of default information in the current Privacy Act and the current Credit Reporting Code of Conduct has been the source of much discussion and difficulty in interpretation. In particular, the amount for which a default can be listed, is the amount reported to the consumer 60 days ago, less any payments but not any further charges or interest. ARCA stated that as a result, the amount of the listing is not equal to the actual amount owed on the day of the listing. Of further issue is the criterion for listing: as it is 'open ended', defaults can be listed when the criteria is met, later or never at all. Finally, ARCA stated it was expected that the Government would leave the detail of the definition of default to be addressed in the new Code of Conduct, as indicated in its response to the ALRC's recommendations.

9.22      ARCA also argued that the provisions for guarantor defaults place additional requirements on credit providers prior to listing defaults against guarantors. It appears that an additional 60 days must elapse, on the basis of having to wait until 60 days from the day on which the notice to the primary debtor was provided, before listing a default against the guarantor.[11]

9.23      Both the Energy & Water Ombudsman NSW and Telstra commented on the provisions requiring that the debt must be more than $100 or such higher amount as prescribed by regulations. The Energy & Water Ombudsman NSW suggested an increase to $300 to exclude small utility bills from the adverse consequences of credit listing.[12] Telstra however, stated that the threshold amount is an important issue to telecommunications providers and others who provide ongoing services on a deferred payment basis. The availability of effective credit management tools to deal with customers who are very late in paying and have been warned of credit management action impacts on the ability of telecommunications providers to offer 'post-paid' services. Listing of those customers with a credit reporting agency assists in controlling overall bad debts which benefits the majority of customers who pay in a timely fashion. Telstra therefore suggested that the reference to the regulations should be excluded as any further changes to the threshold amount should be made with the full scrutiny of legislation, rather than regulations.[13]

9.24      Both Legal Aid Queensland and the CCLC noted that the Government Response to ALRC Recommendation 58–1 accepted that there should be a prohibition on the listing of any overdue payment where the credit provider is statute-barred from recovering the debt. However, the CCLC argued that the acceptance of this recommendation is not adequately reflected in the exposure draft as:

Section 182(1)(c) is the only provision I can find which reflects this section of the response. It stipulates that in order to be 'default information' under the draft legislation the provider must not be 'prevented by or under any Australian law from bringing proceedings against the individual to recover the amount of the overdue payment'.

The problem with this drafting is that plaintiffs are entitled to bring proceedings for statute barred debts and it is up to the defendant to plead the statutory limitations as a defence. As a result the above provision does not appear to be sufficient to meet the Government commitment.[14]

9.25      Legal Aid Queensland (LAQ) commented:

The draft legislation does not allow a credit provider to list default information in relation to an overdue payment if the provider is prevented from bringing legal proceedings against the individual to recover the amount of the overdue debt - S182(2)(e). Unfortunately the limitation of actions legislation in various states do not prevent the credit provider from bringing proceedings. Instead the law provides a complete defence to a consumer on the ground that the debt is statute barred. To clarify the position, we would support an amendment that if the individual has a complete defence under any limitation of actions legislation, the credit provider is unable to list.

In addition, it appears that the restriction in the legislation is limited to the party that provided the credit so that an assignee of the debt or the debt collector may be able to list.[15]

Committee comment

9.26      The committee considers that concerns in relation to statute barred debts should be investigated to ensure that the ALRC's recommendation is adequately reflected in the credit reporting system.

Recommendation 28

9.27      The committee recommends that the meaning of 'default information' be reviewed to ensure that statute barred debts are prohibited from being listed.

Section 184 – Meaning of new arrangement information

9.28      The ANZ Bank argued that the provisions of section 184 are a prohibitive view of the provision of new arrangement information as borrowers and credit providers often amend repayment arrangements prior to default occurring to assist borrowers in the management of their finances. This includes temporary hardship arrangements as a result of natural disasters. The ANZ Bank went on to comment:

If credit providers are unable to disclose hardship arrangements that are entered into prior to default it will result in adverse repayment history being reported for the individual. The credit provider will be required to disclose that the individual did not make their standard monthly repayment even though they have entered into an alternative arrangement with the credit provider.[16]

9.29      Westpac also commented that the current definition only allows for new arrangement information to be reported when an account has previously been listed as being in default. Arrangements are generally the result of a customer, who is experiencing financial hardship, requesting assistance from a credit provider. However, the majority of hardship cases occur prior to default, including where hardship has resulted from a natural disaster. Westpac recommended that the provisions be amended to allow for reporting of 'pre-default' arrangements in this context in order to distinguish a temporary inability to pay from unwillingness to pay.[17] Comments on new arrangements are also provided in the discussion on complaints handling in chapter 5.

Section 187 – Meaning of repayment history information

9.30      Section 187 provides the meaning of 'repayment history information' such that if a credit provider provides consumer credit to an individual, certain information about the consumer credit is repayment history information. That information relates to whether or not an individual has met a monthly payment that is due and payable in relation to the consumer credit; the day on which the monthly payment is due and payable; and if the individual makes the monthly payment after the day on which the individual makes the payment — the day on which the individual makes that payment.[18] Regulations will also make provisions in relation to meeting an obligation to make a monthly payment and whether or not a payment is a monthly payment.

9.31      The CCLC did not support the inclusion of repayment history in credit reports as it considered that improved risk assessment can be met through the provision of other information now permitted to be collected, including current accounts, open and closing dates, and available credit limit.[19]

9.32      The CCLC also compared the requirement for a payment to be 60 days overdue before a default can be entered on a credit report, with the notification provisions and the opportunity provided to rectify that default with the repayment history proposals, which contain no such protections. The CCLC concluded that the introduction of repayment history information will:

9.33      The Credit Ombudsman Services Limited (COSL) also commented on the provisions for default listing and repayment history information. The COSL stated that some of the debate about what information should be adjusted before repayment history information is reported, has arisen because there is confusion between repayment history and default listings. Default listings can only be made if certain requirements are satisfied, and once made are clearly an adverse reflection on the customer's credit worthiness. However, repayment history is 'simply a month by month reporting of the timeliness of payments made by the customer and in itself is neither beneficial nor prejudicial'.[21]

9.34      Legal Aid Queensland (LAQ) commented that its support of more comprehensive credit reporting, including repayment history, was based on the precondition of a responsible lending framework. The LAQ argued that the provisions did not provide for responsible lending for all types of consumer credit and therefore the reporting of credit histories should be delayed until phase 2 of the current credit reforms are introduced.[22]

Meaning of repayment history information

9.35      The APF stated that the definition of 'repayment history information' does not clarify some outstanding issues about what is to be permitted and the format in which it can be recorded, and the extent to which the detail on this will be included in regulations and/or the Code.[23] The CCLC also commented that some matters are not clear including how the information will be recorded and when an affected individual will be notified about adverse information on their credit report. The CCLC went on to state that these issues are too important to be left to regulations and that they should be included in the primary legislation.[24]

9.36      ARCA commented that the provisions do not give certainty to a credit reporting agency's ability to provide a credit provider with 24 months of repayment history, nor do they provide certainty to the right of credit providers to provide credit reporting agencies with an initial download of repayment history. ARCA concluded that without the ability to make these initial transfers of information, 'the benefits of allowing for the reporting of repayment history will not accrue for many months or years'.[25] Westpac argued that the definition of repayment history information is likely to introduce practical complexity given the level of detail required.[26]

9.37      Veda Advantage saw the definition as 'very product specific' and therefore unhelpful. Veda Advantage was of the view that the definition should be more generic as the term can be well understood from other sources, for example, guidelines or codes.[27]

9.38      A further matter raised in submissions is that the definition of repayment history information only relates to monthly payment arrangements. It was noted that many credit arrangements are based on different repayment periods, such as weekly or fortnightly.[28] The ANZ Bank noted that there is provision for regulations to further define monthly payments. However, the ANZ Bank preferred that section 187 be amended to allow for repayment arrangements that are not monthly rather than this being dealt with by the regulations.[29]

Access to repayment history information by non-licensees

9.39      Citigroup also raised the issue of access to repayment history information by charge card issuers. For example, Diners Club issue charge cards and are exempt from the obligation to maintain an Australian Credit Licence under the National Consumer Credit Regulations. However, the Exposure Draft permits certain disclosures only to licensees, for example, subsection 108(4) prohibits a credit reporting agency from disclosing credit reporting information that is or was derived from repayment history, unless the disclosure is to a credit provider that is a licensee and subsection 132(2) limits disclosure of repayment history to credit reporting agencies by a credit providers that are licensees. As a result Diners Club is unable to receive or provide repayment history information including from related corporate bodies such as Citi.[30]

9.40      Citigroup stated that:

We assume that this is an unintended consequence of the legislation as the effect to exclude charge card providers from the benefits of enhanced reporting appears illogical. That a business is structured in such a way so as to not require an Australian Credit Licence should not in itself mean that it is inappropriate for that business to have access to repayment history information.[31]

9.41      In order to address this concern, Citigroup proposed that:

Exempted credit provider means any provider of credit under a credit contract to which Schedule 1 of the National Consumer Credit Protection Act would apply but for an exemption under that Act.[32]

9.42      The Communications Alliance also commented on the access to repayment history information by non-licensees as telecommunications providers are not holders of Australian Credit Licences. While most members of the Alliance were supportive of this approach, some providers expressed an interest in being able to opt-in to disclose repayment history information to credit reporting agencies.[33]

Grace periods

9.43      The CCLC argued that there should be a minimum grace period included in the regulations to ensure that payment system delays and minor oversights are not captured in the reporting system. This, it was argued, would lead to 'an explosion of complaints and potentially inaccurate data'. The CCLC noted that those opposed to a grace period argued that consumers quickly learn what the grace period is and start treating the end of the grace period as the due date. While acknowledging that this may occur, the CCLC was of the view that there will be fewer complaints as a result of payment system delays and minor oversights if a grace period was allowed.[34]

9.44      The COSL also commented on 'innocent' late payments, that is, payments which are received late because of matters beyond the control of the customer. The COSL observed that although this is equally likely to affect all customers, it is unlikely to occur so frequently on any individual's credit record to affect a lender's overall assessment of their credit history or creditworthiness. The COSL concluded that:

The integrity of the system requires it to contain an objective record of borrowers' actual repayment histories, reported in a timely and consistent manner. There are many reasons why a customer's payment may be late, and a repayment history database may not necessarily be the most appropriate place for all of those reasons to be identified and recorded. If certain late repayments were to be excused, that is to say, regarded as not being late, it would appear that:

Notification of late payment listing

9.45      The CCLC observed that there is no provision for consumers to be notified if a late payment is to be listed. The CCLC argued that this is 'totally inadequate and procedurally unfair'. While the Department of the Prime Minister and Cabinet has indicated that this matter will be dealt with in the regulations, the CCLC submitted that the regulations for such notifications must be time specific and prescribe the form in which the notification is to be given.[36]


9.46      The issue of hardship flags on credit reporting histories is discussed in chapter 4.

Committee comment

9.47      The committee has noted the comments in relation to grace periods. The committee understands that grace periods are available in some overseas jurisdictions including the United Kingdom. The committee considers that there are benefits in the provision of grace periods in relation to information in repayment histories.

Recommendation 29

9.48      The committee recommends that consideration be given to the inclusion of provisions for grace periods in relation to information in repayment histories.

Section 188 – Meaning of credit provider

9.49      The definition of credit provider includes banks, certain agencies, organisations or small business operators. The concept of credit provider is broader under the new regime. For example, organisations or small business operators will be credit providers where they carry on a business or undertaking where a substantial part of that business or undertaking involves the provision of credit. Other organisations or small business operators may also be credit providers if they provide credit in connection with the sale of goods, the supply of services, or the hiring, leasing or renting of goods.[37]

9.50      The APF and Consumer Action both welcomed the exclusion of real estate agents, general insurers and employers from the definition of 'credit provider' but commented that the precise effect is unclear. Specifically, they submitted that the use of credit reporting for assessing potential tenants should be prohibited, as businesses other than real estate agents can and do undertake the management of rental properties (including landlords).[38]

9.51      The Financial Counsellors' Association of Queensland commented that the 'simplified' definition of credit provider could open the way for agencies that purchase debts to have a wider access to information contained in credit reports. These agencies then use the information to 'badger' consumers. The Association considered that agencies that purchase debts should only have restricted access to credit reporting information and should only have access to report that the account they purchased has been finalised.[39]

9.52      The CCLSWA voiced concern regarding the inclusion of small business operators in the definition of 'credit provider'. It stated that this will enable unsophisticated 'credit providers' to list defaults and access consumers' credit information files without understanding the credit reporting system or its effects on consumers. As a consequence, privacy breaches may occur and the actions of unsophisticated 'credit providers' may materially affect a consumer's ability to obtain credit without having the understanding of the privacy laws. CCLSWA submitted that the definition of 'credit providers' be restricted to those listed in subsection 188(1) of the Exposure Draft.[40]

9.53      The committee received submissions from the Communications Alliance and Optus on the effect of the definition on telecommunications providers. It was noted that under the Privacy Act, the Privacy Commissioner is able to make a determination that certain classes of corporations are to be regarded as credit providers for the purposes of the Privacy Act. Telecommunications companies are deemed to be credit providers by virtue of such a determination: the Credit Provider Determination No. 2006–4 (Classes of Credit Providers) as telecommunications companies provide goods or services on terms that allow deferral of payment for at least seven days.

9.54      However, it was argued that telecommunications companies use credit information in a vastly different way to banks and other financial sector entities as they provide goods and services to customers and allow them to pay after they have used the goods or services. Any 'trade credit' provided is only for use of those specific telecommunications products and services. It is not discretionary credit which can be spent on anything (like a credit card) or a large loan of money (such as for a mortgage or a car loan). Further, the 'trade credit' is provided on a fixed payment cycle; that is, the customer is required to pay in full each month for the telecommunications services they have used.

9.55      The Communications Alliance stated that access to, recording of and use of credit information by telecommunications companies is entirely different to that of traditional credit providers and is not taken into account in the Exposure Draft. As a consequence, the Communications Alliance suggested that the Exposure Draft be reviewed with the following objectives:

9.56      The Communications Alliance advised the committee that the Department of the Prime Minister and Cabinet had indicated at the Credit Reporting Roundtable held on 10 February 2011 that the Government is supportive of a Credit Code which would contain different rules for each of the different 'credit provider' types/industry sectors. The Communications Alliance concluded:

If telecommunications providers are to be required to comply with this new legislation, then it needs to be re-written to allow sufficient flexibility for different sectors, or be simplified and have more matters dealt with under the Credit Code for this same purpose.[41]

9.57      Optus also commented on the differences between telecommunications companies and traditional credit providers. Optus stated:

It is critical to us, therefore, to ensure that – just as we do not require additional data sets that are important to other types of credit providers – we are not captured by some of the new obligations requiring us to contribute additional data to the credit reporting agencies.

Any changes to the information we need to provide to the agencies will require upgrades to our computer systems, changes to internal processes and training hundreds of staff members. As the Committee can imagine, the costs of undertaking such tasks are not low – particularly where systems changes are involved.[42]

Committee comment

9.58      The committee notes the concerns of the APF and Consumer Action in relation to the use of credit reporting information for assessing potential tenants. While real estate agents are excluded from the definition of credit provider, it was argued that other entities manage rental properties. The committee considers that clarity regarding this matter could be provided in the Explanatory Memorandum.

9.59      The committee also notes the advice from the Department of the Prime Minister and Cabinet regarding the provision of different rules in the Code of Conduct for different types of credit provider and/or industry sector. The committee considers that use of the Code in this way would ensure flexibility of approach and recognition of the business practices of different industries.

Section 192 – Meaning of access seeker

9.60      Section 192 provides a meaning of access seeker in relation to credit reporting information or credit eligibility information, about an individual as:

9.61      The ALRC recommended (Recommendation 59–3) that a provision equivalent to subsection 18H(3) be included in the credit reporting provisions so that an individual may access their credit reporting information, for a credit-related purpose, with the assistance of a person authorised in writing. The Government accepted this recommendation and commented that this stringent approach was required so that credit reporting information does not become accessed for non-credit related purposes which would in turn undermine the role of credit reporting regulation. However, the Government went on to note that it was not intended to place onerous restrictions on third parties assisting individuals to communicate with credit reporting agencies or credit providers. The Government indicated that it would encourage the Office of the Privacy Commissioner to provide guidance on appropriate third party access to credit reporting information.[43]

9.62      The National Relay Service (NRS) commented that section 192 could be interpreted as covering someone in the role of relay officer. If this is the case, the NRS stated that it would imply that the NRS caller would need to provide prior written permission to the credit provider for the relay officer to be on the line because the relay officer would, in fact, be the 'access seeker'. While the Government response indicated that this was not intended to be an onerous restriction, the NRS considered that was indeed the case. Further, the NRS stated that this would also be impractical and it was 'concerned that it could reduce the NRS's ability to achieve its legislated intent'.[44]

9.63      The NRS provided the committee with three scenarios to illustrate that the proposed provisions would be:

9.64      The NRS concluded that it is concerned that the need for authorisation of a relay officer could reduce trust in the NRS and, overall, reduce the NRS's ability to achieve its legislated intent.[45]

9.65      The OAIC also commented on the 'access seeker' provision in relation to the NRS. The OAIC stated that the provisions may not take sufficient account of situations where individuals obtain access using the NRS and the need for individuals to provide written authorisation may be problematic. The OAIC noted that the Privacy Act currently only requires written authorisation for third parties that access information 'on behalf of an individual'. The ALRC took the view that the NRS was not involved in accessing information 'on behalf of an individual' and therefore written authorisation was not required under the current provisions. The OAIC noted that the ALRC, partly for this reason, did not recommend and express exception from the requirement to give written authorisation for users of the NRS. However, the OAIC commented that the Exposure Draft uses the term 'assists' rather than 'on behalf of' and, as such, it may require users of the NRS to provide written authorisation.

9.66      The OAIC suggested that the views of the NRS and its customers be sought to ensure the best outcome under the new credit reporting regime. Subject to those considerations, and the need for supplementary safeguards, the OAIC recommended that either:

9.67      Experian noted that there are certain entities, including real estate agents, which cannot be access seekers. Experian welcomed this provision but submitted that these exceptions alone do not place sufficiently stringent constraints on the types of entities that can obtain access to credit information on the basis of authorisation by an individual. It was noted that the ALRC recognised that third party access regimes are vulnerable to being used as a 'backdoor' means to allow entities, who are prohibited from obtaining credit information, to get indirect access to such information for non-credit related purposes. The Government Response also emphasised the need for stringent controls to 'assist in ensuring that credit reporting information does not become accessed for non-credit related purposes which would in turn undermine the role of credit reporting regulation'. Experian submitted that the Exposure Draft provisions should enable credit reporting agencies and credit providers to distinguish between applications by third parties who are genuinely assisting the individual in obtaining access to their credit information, and those where the third party is seeking to obtain access to information for its own purposes.[47]

Committee comment

9.68      The committee considers that the ability of individuals to access their credit reporting information with assistance from the NRS should not be hampered by onerous restrictions. However, as both the OAIC and the NRS have indicated, it is unclear whether the Exposure Draft requires individuals who use the NRS to access credit reporting information to provide written authorisation. To many individuals, the need to provide written authorisation may be problematic. In addition, this does not reflect the provisions of the current Privacy Act.

9.69      The committee considers that section 192 should be reviewed to ensure that onerous conditions are not placed on individuals accessing their credit reporting information via the NRS. The committee also recommends that the Department of the Prime Minister and Cabinet consult with the NRS and the Office of the Australian Information Commissioner to ensure that the most appropriate outcome is achieved.

Recommendation 30

9.70      The committee recommends that section 192 be reviewed to ensure that onerous conditions are not placed on individuals accessing their credit reporting information via the National Relay Service, in particular the need to provide written authorisation. Further, the committee recommends the Department of the Prime Minister and Cabinet, in undertaking the review, consult the National Relay Service and the Office of the Australian Information Commissioner.

Section 194 – Meaning of credit reporting business

9.71      The meaning of 'credit reporting business' includes a business that involves collecting, holding using or disclosing personal information about individuals for the purpose of, or for purposes including the purpose of providing an entity with information about the credit worthiness of an individual. Exemption by regulation is provided for.

9.72      Submitters commented that the definition of credit reporting business appears to remove the dominant purpose test that exists in the definition contained in the current Privacy Act. There was concern that the omission of a dominant purpose test may lead to other organisations being 'unintentionally captured' by the definition contained in the exposure draft, for example, a credit provider such as a bank.[48] The Australian Institute of Credit Management (AICM) commented that:

On a day-to-day basis, credit reporting currently functions within an industry code of conduct, governed by specific industry legislation and overseen by privacy regulators. It is an activity that has a unique set of obligations and remedies, and non-compliance carries substantial penalty. AICM is concerned that organisations which provide credit may unintentionally come within the definition of a credit reporting agency and as previously indicated be obliged to meet additional regulatory and compliance burdens.[49]

9.73      The AFC also noted the Government's intention to remove the dominant purpose test 'so that any business that engages in credit reporting regardless of whether it is a large or small component should be regulated' as a credit reporting agency. However, the AFC stated that as a result the definition of credit reporting business may be unintentionally broader than the Government's policy. The AFC provided the following example to illustrate its view:

...a current common industry practice for credit providers who are looking to offer credit is the exchanging of credit references with other credit providers. A normal component of this involves disclosing (with consent) personal information of a customer (existing or past) for the purpose of providing another entity with information about the individual’s history in relation to consumer credit (ie s. 180 defined credit worthiness of an individual). We understand that this practice is intended to be allowed to continue. As a consequence, as currently drafted any AFC credit provider member may meet the definition of a credit reporting business if it were to continue this practice. It would also likely meet the definition of an organisation (s. 17) and consequently be caught within the definition of a CRA (s. 180). We query whether this was intended. The inclusion of s. 194(3) adds a further aspect to our concern. We understand the intention was positive; namely, to ensure information sharing between related entities could continue without them being regarded as a CRA. However, it also potentially has the negative outcome of effectively indicating that a credit provider can fall within s. 194(1) without doing more than conducting its business of credit provision and consequently would be a CRA. We understand this was not the Government's intended outcome.[50]

9.74      While there is a regulation making power to exempt business or undertakings from the definition, the AFC argued that it would be preferable for the definition to be narrowed so that the practice of a credit provider engaging in credit reference exchanges with another credit provider does not constitute a credit reporting business or undertaking and consequently will not meet the definition of a credit reporting agency.[51]

9.75      Veda Advantage provided similar comments in relation to the dominant purpose test and stated that it should be reinstated to ensure a clear compliance framework. Veda went on to state that the definition is 'wide reaching' and 'then proposes exemptions through regulation. This creates uncertainty as it becomes possible for organisations to be regarded as conducting a credit reporting business on an incidental, temporary or transient basis'.[52] In addition:

This would make it very difficult (if not impossible) to have a stable, permanent and transparent compliance environment required to support credit reporting activity or activities.

It would also impact on the rights of consumers when it comes to enforcing their rights and the ability of regulators to audit and otherwise undertake enforcement activities as these relate to credit reporting.[53]

Committee comment

9.76      Submitters were strongly of the view that a dominant purpose test should be included in the meaning of credit reporting business. However, the committee notes that the Government's response in this regard was clear:

The Government proposes to remove the 'dominant purpose' test from the definition of 'credit reporting business' as it is concerned that any relevant business, regardless of whether credit reporting is a large or small component of its activities, should be covered by the credit reporting provisions. This would continue to allow a business to engage in other activities unrelated to credit reporting without being covered by the credit reporting provisions to the extent that the business activity is not being conducted for a credit reporting purpose.[54]

9.77      The committee therefore does not support the inclusion of a dominant purpose test.

9.78      In relation to the specific example provided by the AFC, the committee understands that a credit provider providing information to another credit provider is permitted under section 137 (if consent is given). If credit providers exchange information that does not fall within the definition of credit eligibility information, that is non-credit information, the exchange is covered by APP 6.

Navigation: Previous Page | Contents | Next Page