Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Independent review of the Privacy (Credit Reporting) Code 2014

Tender process completed for review of the Privacy (Credit Reporting) Code 2014

26 July 2017

The Office of the Australian Information Commissioner has completed the tender process, and contracted PricewaterhouseCoopers (PwC) to conduct an independent review of the Privacy (Credit Reporting) Code 2014 (Version 1.2).

More information will be provided as the review progresses.

For more information about the CR Code and credit reporting under the Privacy Act see the Credit Reporting page.

Back to Contents

Tender for review of the Privacy (Credit Reporting) Code 2014

24 April 2017

The Office of the Australian Information Commissioner is currently tendering for the following aspects of the independent review of the Privacy (Credit Reporting) Code 2014:

  • Develop a consultation strategy for approval by the OAIC.
  • Undertake public and targeted consultation in accordance with the consultation strategy.
  • Publish a report on the OAIC’s website by 31 October 2017, outlining the findings from the consultation process.

The consultation strategy does not necessarily need to take a two stage approach to consultation.

The closing date is Friday, 26 May 2017 at 3:00pm (ACT local time).

Information about this tender is available on the AusTender website.

Back to Contents

Independent review of the Privacy (Credit Reporting) Code 2014

7 April 2017

In April 2017, the Australian Information and Privacy Commissioner will tender for an independent review of the Privacy (Credit Reporting) Code 2014 (the CR Code). This review is an opportunity to explore how the CR Code, which commenced on 12 March 2014, is operating in practice.

The CR Code review will be conducted in two stages:

  • Stage 1, anticipated to commence in May 2017, will explore the interaction between the CR Code and the Privacy Act 1988 and significant issues or concerns about the practical operation of the CR Code.
  • Stage 2, anticipated to commence in July 2017, will explore requirements in the CR Code that have not been complied with in practice (including issues of systemic non-compliance).

There will be an opportunity for stakeholders interested in the review to contribute to this process.

The successful tenderer will lead the consultation process and will publish a report outlining issues and concerns about the operation of the CR Code in late 2017.

Background

Part IIIA of the Privacy Act regulates consumer credit reporting in Australia. Part IIIA is supported by the Privacy Regulation 2013 and the CR Code.

The CR Code is a mandatory code that binds credit providers and credit reporting bodies. The Code commenced on 12 March 2014. Importantly, a breach of the Code is a breach of the Privacy Act.

Paragraph 24.3 of the CR Code requires the Commissioner to initiate an independent review of the operation of the Code within 3 years of the date of its commencement.

Paragraph 24.2 of the CR Code requires credit reporting bodies (CRBs) to commission an independent review of their operations and practices to assess compliance by the CRB with its obligations under Part IIIA, the Regulations and the CR Code.

The outcomes of the CRB reviews will be considered as part of stage 2 of the CR Code review.

For more information about the CR Code and credit reporting under the Privacy Act see the Credit Reporting page.

Back to Contents