Credit providers and credit reporting bodies will be subject to stricter rules about how they handle Australians’ credit information under the new Privacy (Credit Reporting) Code 2024 (version 3.0) (Credit Reporting Code), registered by the Office of the Australian Information Commissioner (OAIC) on 1 October. Credit reporting was flagged as a continuing area of interest in the OAIC’s recently released Corporate Plan for 2024-25.

This Code, which is mandatory, replaces the Privacy (Credit Reporting) Code 2014 (Version 2.3), and implements a number of the OAIC’s recommendations from its 2021 independent review of the Credit Reporting Code. It supplements Part IIIA of the Privacy Act 1988 (Privacy Act), which relates to credit reporting, and the Privacy Regulation 2013.

Privacy Commissioner Carly Kind has indicated that the new Code not only provides better protection for the rights and interests of individuals, but also has benefits for industry including:

  • enhanced usability of the Credit Reporting Code and explanatory materials as they now mimic other legislative instruments
  • improvements to the explanatory statement, including provision-by-provision explanations, practical guidance and examples to help industry understand and comply with its obligations
  • further information around the definition of a reporting ‘month’ to help industry comply and input information into their systems
  • changes to the ‘account close’ date definition to ensure consistency and certainty when industry are calculating this to report consumer credit liability information
  • transitional periods to enable time to update systems before compliance is required.[i]

The OAIC worked with industry and in particular the Australian Retail Credit Association (Arca) to develop the 2024 Credit Reporting Code.[ii] In announcing its registration, Commissioner Kind has expressed the hope that these enhancements will assist industry to meet its obligations and in doing so ‘increase the trust and confidence of the Australian community…’

Importantly, entities bound by the Credit Reporting Code – all credit providers other than most ‘non-participating’ credit providers, all credit reporting bodies and affected information recipients – should be aware that a breach of the Credit Reporting Code is a breach of the Privacy Act.

Need help?

For more information about individuals’ rights and industry obligations under the Privacy Credit Reporting Code 2024, please contact Deidre Missingham.

This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances.

[i] See https://www.oaic.gov.au/news/media-centre/new-credit-reporting-code-strengthens-privacy-protections

[ii] See https://www.arca.asn.au/news-events/media-release-arca-developed-cr-code-approved-by-privacy-commissioner

 

For further information please contact:

This article is for general information purposes only and does not constitute legal or professional advice.  It should not be used as a substitute for legal advice relating to your particular circumstances.  Please also note that the law may have changed since the date of this article.