The Office of the Australian Information Commissioner (OAIC) has found that “change is required” to ensure that regulation of the credit rating and reporting system is operating as intended.
The OAIC has completed a major review of the Privacy (Credit Reporting) Code 2014 (the CR Code) to determine whether it remains fit for purpose and provides adequate privacy protections for individuals.
The Australian Information Commissioner and Privacy Commissioner, Angelene Falk, said an independent review of the Privacy (Credit Reporting) Code 2014 was held in 2021, seeking stakeholder views on how the credit rating and reporting system operated in practice and what improvements could be made to strengthen it.
“This important review to ensure regulation of this sector is operating as intended found that change is required,” Commissioner Falk said.
“The way Australians’ personal information is collected, handled and stored remains a significant issue as the credit reporting landscape has expanded and shifted through a time of social, technological and regulatory change,” she said.
“The introduction of comprehensive credit reporting and the rise of new products such as ‘Buy Now Pay Later’ are among significant changes since the last review in 2017.”
Commissioner Falk said the Review made proposals to amend the CR Code to strengthen privacy protections and provide greater clarity for industry on their obligations.
She said these included streamlining processes for individuals, such as getting access to their credit reports and correcting their information; introducing a ‘soft enquiries’ framework to allow people to shop around for credit products and seek quotes without information being included on their credit report; and offering automatic extension to people who had been subject to identity theft when they requested a ban on their credit report to prevent fraud.
“The OAIC plans to implement the proposals in the report over the next two years primarily through variations to the CR Code and OAIC guidance,” Commissioner Falk said.
“Where issues cannot be addressed through amendments to the CR Code or guidance, the OAIC intends to raise them with the Attorney-General so they can be considered in preparation for the review of Part IIIA of the Privacy Act required to be completed before 1 October 2024,” she said.
The OAIC’s 127-page Review Report can be accessed at this PS News link.