Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Privacy fact sheet 27: Credit reporting series glossary

pdfPrintable version246.53 KB

May 2014 (updated March 2019)

Credit reporting 'know your rights' no. 2

This fact sheet is the second in a series that outlines what you need to know about how your personal information can be handled in the Australian consumer credit reporting system. There are lots of technical terms used in the credit reporting system and we refer to some of those terms in this series. To assist in understanding the information, this fact sheet contains an explanation of technical terms that are used throughout the series.

APP entity

An APP entity is an Australian Government (or Norfolk Island Government) agency or a private sector organisation that is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Privacy Act). For more information see the APP guidelines.

Australian Credit Licence

An Australian Credit Licence is issued by the Australian Securities and Investments Commission (ASIC), to credit providers that provide certain types of credit. For more information see ASIC’s website.

Australian Privacy Principles (APPs)

The Australian Privacy Principles (the APPs) are legally binding principles that set out standards, rights and obligations in relation to handling personal information. They apply to APP entities. For more information about the APPs see the APP Guidelines.

Commercial credit

Commercial credit is any credit that you have applied for that is not for personal, household or family purposes. This includes business loans and goods or services that you have purchased as part of conducting a business where payment has been deferred.

Consumer credit

Any credit that you apply for, or that is provided to you, that you intend to use wholly or primarily:

  • for personal, family or household purposes, or
  • to acquire, maintain, renovate or improve residential property for investment purposes, or
  • to refinance consumer credit that has been provided wholly or primarily to acquire, maintain, renovate or improve residential property for investment purposes.

Consumer credit report

Your consumer credit report is a document produced by a credit reporting body (CRB) using personal information about you that has been provided by credit providers, or obtained from other sources.

The credit reporting laws determine what information can be included in your consumer credit report. This includes, for example, information about any credit applications that you have made.

It may also contain information about problems that you have had meeting your repayment obligations, such as defaults, court judgements or bankruptcies.

CR code

The Privacy (Credit Reporting) Code (CR code) is a written code of practice about credit reporting. The CR code supplements the credit reporting provisions contained in Part IIIA of the Privacy Act. A breach of the CR code is a breach of the Privacy Act. The CR code is registered on the OAIC’s Codes Register.

Credit reporting laws

The laws regulating the handling of personal information for consumer credit reporting in Australia that are contained in the Privacy Act (principally in Part IIIA), the CR code and the Privacy Regulation 2013.

Credit provider

The following entities are included as credit providers for the purposes of the Privacy Act:

  • a bank
  • an organisation or small business operator if a substantial part of its business is the provision of credit, such as a building
    society, finance company or a credit union
  • a retailer that issues credit cards in connection with the sale of goods or services
  • an organisation or small business operator that supplies goods and services where payment is deferred for 7 days or more, such as a
    telecommunications carriers and energy and water utilities
  • certain organisations or small business operators that provide credit in connection with the hiring, leasing or renting of goods.

Importantly, the following entities are not credit providers:

  • real estate agents
  • general insurers, and
  • employers.

Credit reporting body (CRB)

A credit reporting body (CRB) is an organisation whose business involves handling personal information in order to provide another entity with information about the credit worthiness of an individual.

There are three main CRBs in Australia:

There are other CRBs that are not listed above. The credit reporting laws require your credit provider to tell you which CRBs they share your personal information with (for the purpose of inclusion in your consumer credit report) when you apply for credit.


An assessment of your creditworthiness includes an assessment of your:

  • eligibility to be provided with consumer credit,
  • history in relation to consumer credit, and/or
  • capacity to repay an amount of credit that relates to consumer credit.

For example, you may be considered more eligible to be provided with consumer credit (and therefore, have a high level of credit worthiness) if your consumer credit report shows that:

  • that you consistently meet your repayments on time, or
  • that you have not defaulted on a consumer credit payment

and does not contain other information that would make additional credit unsuitable under a credit provider’s responsible lending obligations.

External Dispute Resolution (EDR) Scheme

An external dispute resolution (EDR) scheme is a body that provides individuals with impartial dispute resolution services for resolving complaints.

Generally, a credit provider must be a member of an EDR scheme recognised under the Privacy Act to access your credit report.  

Personal information

Your personal information is information or an opinion about you, or from which you are reasonably identifiable. The information or opinion does not need to be true to be personal information.

Small business operators

A credit provider may also be a small business operator (SBO). Under the Privacy Act, an SBO is a person or organisation that has an annual turnover of $3,000,000 or less. However, certain types persons and organisations cannot be SBOs — for example, where they provide a health service or trade in personal information. For more information please see the OAIC website — Rights and responsibilities.

Importantly, SBOs are generally not APP entities, and therefore are exempted from complying with the APPs. However, SBOs that are credit providers must still comply with the credit reporting laws.

For further information

telephone: 1300 363 992
write: GPO Box 5218, Sydney NSW 2001
Or visit our website at