Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Privacy fact sheet 40: Credit providers, the APPs and your credit report

pdfPrintable version227.22 KB

May 2014

Credit reporting ‘know your rights’ series no. 15

This fact sheet is the fifteenth in a series that outlines what you need to know about how your personal information can be handled in the Australian consumer credit reporting system. It contains information about when the Australian Privacy Principles (APPs) will apply to the handling of your consumer credit report (in addition to the credit reporting laws). There are lots of technical terms used in the credit reporting system and we refer to some of those terms in this series. You can find more information about these terms in no. 2 (Privacy fact sheet 27) of this series.

What laws apply to the handling of your credit report?

Credit reporting bodies

The credit reporting laws determine how a credit reporting body (CRB) must handle the personal information in your consumer credit report. Importantly, the APPs do not apply to the handling of that information by a CRB.

Credit Providers

All credit providers must comply with the credit reporting laws when handling your consumer credit report (or the personal information contained in that report). In addition, credit providers that are APP entities have to comply with specific Australian Privacy Principles (APPs).

Other recipients of your credit report

Certain APPs will also apply to any other recipients of your consumer credit report that are also APP entities. Like credit providers, this is in addition to the credit reporting laws.

When is a credit provider not an APP entity?

Generally, a credit provider that has an annual turnover of $3,000,000 or less and that is not a health service provider or trading in personal information, will be a considered a small business operator (SBO) and will not be an APP entity.

Importantly, credit providers that are SBOs must still comply with the credit reporting laws.

Do the APPs apply to a credit provider that handles personal information not contained in your credit report?

Importantly, a credit provider that is an APP entity must comply with all the APPs when handling other types of personal information (that is, information not contained in, or produced using, your consumer credit report).

When do the APPs apply to the handling of personal information in your credit report?

The table below sets out when a credit provider that is also an APP entity must comply with specific APPs when handling your consumer credit report.

When must a credit provider comply with the APPs?
Activity APPs that apply APPs that do NOT apply

Open and transparent management of personal information contained in your consumer credit report

APP 1.2 — obligation to ensure compliance with applicable APPs

APP 1.3 — APP privacy policy

APP 1.4 — contents of APP privacy policy

APP 1.5 — availability of APP privacy policy

APP 1.6 — form of APP privacy policy

Anonymity and pseudonymity

APP 2.1 — option not to identify yourself or use a pseudonym

APP 2.2 — exceptions to APP 2.1

 

Collection of personal information contained in your consumer credit report

APP 3 — collection of solicited personal information

APP 4 — dealing with unsolicited personal information

APP 5 — notification of the collection of personal information

  

Disclosure of personal information contained in your consumer credit report

APP 9.1 — adoption of government related identifiers

APP 9.3 — Regulations about adoption, use or disclosure of government related identifiers

APP 6 — use or disclosure

APP 7 — direct marketing

APP 8 — cross border disclosure of personal information

APP 9.2 — use or disclosure of government related identifiers

Use of personal information contained in your consumer credit report

APP 9.1 — adoption of government related identifiers

APP 9.3 — Regulations about adoption, use or disclosure of government related identifiers

APP 6 — use or disclosure

APP 7 — direct marketing

APP 8 — cross border disclosure of personal information

APP 9.2 — use or disclosure of government related identifiers

Quality of personal information contained in your consumer credit report

  

APP 10 — quality of personal information

Security of personal information contained in your consumer credit report

  

APP 11 — security of personal information

Access to personal information contained in your consumer credit report

  

APP 12 — access to personal information[1]

Correction of personal information contained in your consumer credit report

  

APP 13 — correction of personal information[2]

For further information

telephone: 1300 363 992
email: enquiries@oaic.gov.au
write: GPO Box 5218, Sydney NSW 2001
Or visit our website at www.oaic.gov.au

Footnotes

[1] APP 12 will apply to an individual seeking access to information that a credit provider has collected directly from an individual irrespective of whether that information could also be included in your consumer credit report.

[2] APP 13 will apply to the following types of personal information in your credit report that can be used to identify you: your name(s), sex, address(s), employer(s), date of birth and drivers licence number.