The Australian Information Commissioner, Professor John McMillan, made the decision to register the CR code under new credit reporting laws that aim to simplify, clarify and update the credit reporting provisions in the Privacy Act 1988. The changes, which all commence on 12 March 2014, include ‘comprehensive credit reporting’ which means that a limited number of new types of credit-related personal information are permitted to be held in the credit reporting system including, for mortgages, personal loans and credit cards, the type of credit, the credit limit and repayment history information. The move to more comprehensive credit reporting is accompanied by enhanced privacy protections for individuals relating to notification, data quality, access and correction, and complaints.
The CR code supplements the new credit reporting laws contained in the new Part IIIA of the Privacy Act and the Privacy Regulations 2013. For a full understanding of the new credit reporting provisions, the CR code must be read in conjunction with both Part IIIA and the Regulations. Importantly, a breach of the CR code is a breach of the Privacy Act and the Information Commissioner can use his enhanced powers under the privacy reforms, including agreeing enforceable undertakings or seeking civil penalties, in relation to any breaches.
The CR code was developed by the Australian Retail Credit Association (ARCA) in consultation with industry and consumer groups. The registration of the CR code is a significant milestone in the implementation of these important amendments to the Privacy Act.
For a more detailed explanation of the credit changes see: Privacy business resource 3: Credit reporting — what has changed and Privacy fact sheet 16: Credit reporting — repayment history information.
The OAIC is in the process of producing education materials about the new credit reporting system aimed at consumers