Our reference: 12/000039
Professor Ian Ramsay
Review Chair, Review into Dispute Resolution and Complaints Framework
PARKES ACT 2600
By email: EDRreview@treasury.gov.au
Review of the financial system external dispute resolution framework – Interim Report
I welcome the opportunity to comment on the Review of the financial system external dispute resolution framework – Interim Report (the interim report).
As outlined in my earlier submission to the Issues Paper, external dispute resolution (EDR) schemes are a part of the complaint handling framework in the Privacy Act 1988 (Cth) (the Privacy Act). For example, all credit providers participating in the credit reporting system under Part IIIA of the Privacy Act must be a member of a recognised EDR scheme. For a scheme to be formally recognised, I must consider it against relevant matters set out in the Privacy Act and Guidelines for recognising external dispute resolution schemes (EDR scheme guidelines).
Relevantly, the Financial Ombudsman Service (FOS) and the Credit Investments Ombudsman (CIO) are recognised EDR schemes under the Privacy Act. Consequently, an individual who considers that an entity has interfered with their privacy may make a complaint to a recognised EDR scheme of which the entity is a member (if the complaint falls within the scope of the scheme’s recognition), before making a complaint to the OAIC.
Proposed single industry ombudsman
The interim report outlines a number of draft recommendations to improve outcomes for consumers, in particular by addressing issues that are said to arise due to the existence of two industry ombudsman schemes with overlapping jurisdictions. To address this, the Panel has recommended that there should be a single industry ombudsman scheme for financial, credit and investment disputes (other than superannuation disputes) to replace the FOS and CIO.
I encourage the Panel to consider the potential impact that merging FOS and the CIO may have on the existing consumer credit reporting system and related privacy complaint handling framework. In summary, as participants in the credit reporting system must be a member of an EDR scheme recognised by me, any future scheme will need to encompass the existing span of membership of FOS and the CIO, and ensure that it is able to be ‘recognised’ as an EDR scheme for the purposes of the Privacy Act.
The OAIC has issued EDR scheme guidelines, which outline the matters I must take into account in considering whether to recognise an EDR scheme, the steps an EDR scheme should take to apply and the general conditions for ongoing recognition. Any new body would need to satisfy the benchmarks for recognition to handle privacy complaints and associated requirements set out in the Privacy Act and the EDR scheme guidelines.
Consequently, in developing the final recommendation regarding a single industry body, I encourage the Panel to consider whether the proposed single industry body could still achieve recognition under the Privacy Act. Achieving recognition would minimise disruption to the existing consumer credit reporting and privacy complaint handling framework.
Given the relevance of the OAIC’s responsibilities to the scope of the review, I would welcome the opportunity to engage with the Panel in the development of any recommendations that may affect the credit reporting system in Part IIIA of the Privacy Act or privacy regulation generally.
Should you wish to discuss these matters further, please contact Melanie Drayton, Assistant Commissioner, on [contact details removed].
Australian Privacy Commissioner
Australian Information Commissioner
 OAIC submission to the Panel’s Issues Paper ‘Review of the financial system external dispute resolution framework,’ October 2016, available at www.oaic.gov.au
 Section 21D(2)(a)(i) of the Privacy Act.
 Available at www.oaic.gov.au/agencies-and-organisations/advisory-guidelines/guidelines-for-recognising-external-dispute-resolution-schemes
Was this page helpful?
If you would like to provide more feedback, please email us at email@example.com