The Information Commissioner can recognise external dispute resolution (EDR) schemes to handle particular privacy-related complaints (s 35A of the Privacy Act 1988).
The OAIC has issued Guidelines for Recognising External Dispute Resolution Schemes which include the matters the Commissioner must take into account in considering whether to recognise an EDR scheme, the steps an EDR scheme should take to apply for recognition and the general conditions for ongoing recognition.
Importantly under Part IIIA of the Privacy Act, a credit provider (as defined by sections 6G to 6K of the Privacy Act), must be a member of an EDR scheme recognised under the Privacy Act to be able to disclose credit information about an individual to a credit reporting body and thereby participate in the consumer credit reporting system.
This mandatory EDR membership provision does not apply to disclosures made in connection with the provision of commercial credit.
The Privacy Regulation 2013 includes an exemption to the EDR membership requirement for energy and water utilities in the Australian Capital Territory. This exemption expires on 1 January 2019.
Was this page helpful?
If you would like to provide more feedback, please email us at firstname.lastname@example.org