Implementing Privacy Principles in Credit Reporting

This is a response to the Australian Law Reform Commission (ALRC)'s Issues Paper 32, Review of Privacy: Credit Reporting Provisions, which is part of the first stage in the ALRC review of the extent to which the Privacy Act and related laws provide an effective framework for the protection of privacy in Australia. The submission argues that a review of the existing credit reporting provisions in the Privacy Act 1988 should not be divorced from a more fundamental review of the use of consumer credit information, including the controversial proposals for comprehensive or 'positive' reporting. The existing system already has elements that go beyond negative reporting, and it is timely to examine the collection use and disclosure of credit information by all parties including credit providers, credit reporting agencies, service providers such as debt collectors, and third parties seeking access to credit information for non-credit related purposes, such as identity management. The submission analyses the existing provisions, and proposed changes, by reference to the more general, and more recent, National Privacy Principles in the Privacy Act. It argues that a modernised credit information privacy regime would move away from the current 'one size fits all' approach towards different levels of access to credit information, which would recognise the legitimate information needs of different business interests without exposing individuals information to greater risk of misuse. It would also give greater emphasis to enforcement of the rules, either by the Privacy Commissioner or by another regulator.