Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Australian Privacy Commissioner makes new credit provider determinations

The Australian Privacy Commissioner, Timothy Pilgrim, has today announced the making of three new credit provider determinations.

The new determinations issued by the Privacy Commissioner are as follows:

The new determinations have the same effect as the existing Credit Provider Determinations Nos. 2006-3 (Assignees), 2006-4 (Classes of Credit Providers) and 2006-5 (Indigenous Business Australia) which are due to expire on 31 August 2011 (2006-3 and 2006-4) and 30 October 2011 (2006-5).

The new determinations have been issued for a period of 3 years. The Assignees and Classes of Credit Providers determinations therefore take effect on 1 September 2011 and expire on 31 August 2014. The Indigenous Business Australia determination has effect from 31 October 2011 until 30 October 2014.

The Office of the Australian Information Commissioner (OAIC) conducted a public consultation before the Privacy Commissioner decided to make the new determinations. Comments were sought from industry, peak bodies, regulators, consumer groups, Indigenous groups and government agencies. The submissions to the consultation and the OAIC’s consultation report as well as links to the new determinations on the Federal Register of Legislative Instruments are available on the OAIC website at:


Under the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Information Commissioner Act 2010 (Cth), the Privacy Commissioner may, with the approval of the Australian Information Commissioner, determine that certain entities are ‘credit providers’ for the purposes of the Privacy Act. 

By being granted ‘credit provider’ status, an entity is able to undertake credit reporting activities, including accessing credit reports, listing overdue payments and serious credit infringements, updating existing default listings and correcting previously reported information.

The Assignees Determination provides that a corporation which acquires the rights of a credit provider with respect to the repayment of a loan shall, in relation to that loan, be regarded as the credit provider for the purposes of the Privacy Act.

The Classes of Credit Providers Determination provides that a corporation which:

  • is considering providing or has provided goods or services on terms which allow deferral of payment, in full or in part, for at least 7 days, or
  • hires out or leases goods where an amount less than the value of the goods is paid as deposit for return of the goods and the arrangement is of at least 7 days duration,

shall be regarded as a credit provider for the purposes of the Privacy Act in relation to those transactions.

The Indigenous Business Australia Determination provides that the statutory authority Indigenous Business Australia is a credit provider for the purposes of the Privacy Act.