OAICnet — 23 January 2014

Privacy law reform update

Credit Reporting (CR) Code registered

The Credit Reporting Privacy Code (CR Code), a mandatory code that binds credit providers and credit reporting bodies, has been registered on the OAIC’s Codes Register and will take effect from 12 March 2014.

The CR code supplements the new credit reporting laws contained in the new Part IIIA of the Privacy Act and the Privacy Regulations 2013. For a full understanding of the new credit reporting provisions, the CR code must be read in conjunction with both Part IIIA and the Regulations. Importantly, a breach of the CR code is a breach of the Privacy Act and the Information Commissioner can use his enhanced powers under the privacy reforms, including agreeing enforceable undertakings or seeking civil penalties, in relation to any breaches.

The CR code was developed by the Australian Retail Credit Association (ARCA) in consultation with industry and consumer groups. The registration of the CR code is a significant milestone in the implementation of these important amendments to the Privacy Act.

Read more on the Office of the Australian Information Commissioner (OAIC) website.

For a more detailed explanation of the credit changes see: Privacy business resource 3: Credit reporting — what has changed and Privacy fact sheet 16: Credit reporting — repayment history information.

The OAIC is in the process of producing education materials about the new credit reporting system aimed at consumers.

APP Guidelines

The OAIC is currently considering the feedback received during the consultation process on the draft APP Guidelines. We are aiming to get these finalised and published as soon as possible.


Consultation — Privacy (Persons Reported as Missing) Rules 2014

A reminder that the public consultation on the draft Privacy (Persons Reported as Missing) Rules 2014 closes for comment on Friday 31 January 2014.

Subsection 16A(2) of the amended Privacy Act states that the Commissioner may make rules relating to the collection, use or disclosure of personal information by APP entities to assist in the location of missing persons.

Submissions may be sent to consultation@oaic.gov.au


Information Commissioner review decisions

Philip Morris Ltd and Department of Health [2014] AICmr 5 (17 January 2014)
Whether dealing with request would be a substantial and unreasonable diversion of resources — (CTH) Freedom of Information Act 1982 (FOI Act) ss 24, 24AA, 24AB

Australian Private Hospitals Association and Department of the Treasury [2014] AICmr 4 (16 January 2014)
Whether giving access would disclose information that would reasonably be regarded as irrelevant to the request — Cabinet documents — Whether disclosure of documents would reveal Cabinet deliberations — Whether disclosure would disclose commercially valuable information — Whether documents disclose deliberative matter — Whether contrary to public interest to release conditionally exempt document — (CTH) FOI Act ss 22, 34, 47, 47C

Nolen and Special Broadcasting Service [2014] AICmr 2 (14 January 2014)
Whether reasonable steps taken to find documents — Legal professional privilege — Whether documents are subject to legal professional privilege — Whether legal professional privilege waived — (CTH) FOI Act ss 24A(1), 42

Welch and Department of Foreign Affairs and Trade [2014] AICmr 3 (14 January 2014)
Whether reasonable steps taken to find documents — Information as to the existence of certain documents — (CTH) FOI Act ss 24A, 25

AW’ and Australian Taxation Office [2014] AICmr 1 (10 January 2014)
Refusal of access to documents — Whether reasonable steps taken to find documents — Whether computer user ID codes exempt from disclosure — (CTH) FOI Act ss 24A, 47E

Please refer to our website for a full list of Information Commissioner reviews


New FOI Guidance material

In December the OAIC updated Part 4 of the FOI Guidelines (Charges for providing access). The new version is available on the OAIC website, along with a summary of the update.

The OAIC also released four new sample FOI notices: acknowledgement of request to amend personal information; decision to amend personal information; decision not to amend personal information; agreement to settle Information Commissioner review proceedings (s 55F).

These notices are available as part of FOI agency resource 11: Sample FOI notices.


OAIC resources now available in different languages

A number of OAIC resources have been translated into languages other than English. This information is available in Arabic, Chinese, Greek, Italian, Korean, Russian, Spanish, Thai, Turkish and Vietnamese.


Event — iappANZ Privacy Wrap Up Training Workshop (Sydney)

The International Association of Privacy Professionals — Australia and New Zealand (iappANZ) will present a wrap up of significant privacy reforms across key areas, including health, credit reporting, data security and offshoring.

Speakers at the workshop include:

  • Timothy Pilgrim, Privacy Commissioner, OAIC
  • James Kelaher, Director, Smartnet
  • Olga Ganopolsky, General Counsel, Veda
  • Peter Leonard, Partner, Gilbert +Tobin.

When:  Wednesday 12 February 2014, 2.30pm for 3.00pm start. Finish 5.15pm

Where: Office of the Australian Information Commissioner (OAIC),
Room 1, Level 3, 175 Pitt Street, Sydney (near corner Pitt and King streets)

Cost: Free for iappANZ members. $99 for non-iappANZ members. Cost deductible from membership joining fee

To register, please visit the iappANZ website.


Event — iappANZ Data In Flight Training Workshop (Melbourne)

iappANZ will present a two hour intensive workshop on the offshoring of data on Wednesday 19 February 2014. 

Speakers at the workshop will include:

  • Peter Leonard, Partner, Gilbert +Tobin
  • Helaine Leggat, CoFounder Information Legal
  • Carolyn Lidgerwood, Senior Advisor/Counsel, Rio Tinto

When: Wednesday 19 February 2014, 5pm–7.30pm

Where: Gilbert +Tobin Lawyers, Level 22, 101 Collins Street, Melbourne, Victoria, 3000.

Cost: Free for iappANZ members. $99 for non-iappANZ members. Cost deductible from membership joining fee

To register, please visit the iappANZ website.


Data Privacy Day 2014

Data Privacy Day is being held on 28 January 2014 and is an international awareness day (primarily celebrated in the United States, Canada and Europe) to provide education about information privacy. 

The OAIC is proud to be a Data Privacy Day Champion.

For more information see http://www.coe.int/t/dghl/standardsetting/dataprotection/default_en.asp and www.staysafeonline.org/dpd/.


Privacy Awareness Week 2014

Privacy Awareness Week will be held from 4–11 May 2014, but it’s not too soon to get involved. The OAIC is calling for PAW partners. In the year of law reform, this is a perfect way to demonstrate your commitment to best privacy practice. Being a partner is a non-financial arrangement, we just ask that you promote and encourage privacy awareness during the Week.

Please get in touch with the OAIC to find out more.


If you would like to subscribe to the OAICnet eNewsletter please subscribe on our website.

Share this page

Protecting information rights — advancing information policy