Yes, you and your organisation need to adhere to the new provisions of the Privacy Act from March 2014 including those related to credit reporting.

Yes, you will be covered by the new Privacy Act including those sections related to credit reporting.

There is a small business exemption for businesses with a turnover of less than $3 million. However, there will be exceptions to this and in some instances a small business will still be treated as an organisation covered by the Privacy Act. If you supply credit of more than 7 days, you are a Credit Provider - and must comply with the Act, including those sections related to credit reporting.

  1. We only keep credit information that you have obtained from the customer
  2. We only access credit reporting information
  3. We provide credit information to a Credit Reporting Body


All of these situations are governed by the new legislation.

For commercial Credit Providers, hire purchase providers, lessors and those with rental agreements who keep personal information and/or credit information about the individual, you will need to abide by this new legislation. For example if you keep personal information and/or credit information about a director of one of your customers, the new law will cover you.

Yes it will, as the new Credit Reporting Privacy Code (CR Code)will be a legislative instrument and a breach of the Code will be treated as if you had breached the Act - which can carry very serious penalties.

Yes, there is. Adhering to the new Australian Privacy Principles will not be sufficient if you hold personal information and this information may be shared with a 'Credit Reporting Body', or you obtain 'credit reporting information' from a 'Credit Reporting Body'. You will need to adhere to both the APPs and the credit reporting requirements of the new Privacy Act.

Comprehensive credit reporting is only part of these reforms. The focus of the legislation in relation to credit reporting is much wider than just what new data can be exchanged. The legislation also includes changes to corrections and complaints handling, ban periods, record keeping, data accuracy, new required policy documents and much more.