LexisNexis Practical Guidance®

Overview — Privacy and credit reporting


Introduction to privacy and credit reporting legislation

The Privacy Act 1988 (Cth) (Privacy Act) regulates the handling of personal information about individuals. Sensitive information and credit information are examples of subsets of personal information, and they are subject to specific requirements. The Privacy Act includes thirteen Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information, including sensitive information.

The Office of the Australian Information Commissioner (OAIC) is an independent statutory agency, headed by the Australian Information Commissioner. One of the key functions that the OAIC performs relates to privacy.

Part IIIA of the Privacy Act regulates consumer credit reporting in Australia. Part IIIA is supported by the Privacy (Credit Reporting) Code 2014 (Version 2) (Cth), which is often referred to as the “CR Code”. The CR Code is a mandatory code, and it binds all credit reporting bodies and credit providers.

The Spam Act 2003 (Cth) (Spam Act) contains specific provisions regarding direct marketing. It is useful for legal practitioners to have working knowledge of the Spam Act because, among other things, the APPs provide that where the act or practice of an APP entity (being the agencies and organisations that have responsibilities under the Privacy Act) is subject to the Spam Act, APP 7 does not apply to the extent that the Spam Act applies.

This subtopic outlines for legal practitioners some key concepts and key definitions of the Privacy Act, the APPs, the CR Code and the Spam Act. It also outlines some key provisions of this legislation. Legal practitioners are likely to come across these concepts, definitions and provisions, and it is useful to have working knowledge of them when advising clients.

Each guidance note in this subtopic also contains useful tools for legal practitioners.

Privacy Act basics

This guidance note explains what personal information is, what sensitive information is, what the APPs are, who has responsibilities under the Privacy Act, what credit reporting is, who credit reporting bodies are, and what the role and powers of the OAIC are.

See Privacy Act basics.

Australian privacy principles basics

This guidance note explains who “APP entities” are and provides more information on each of the thirteen APPs.

See Australian privacy principles basics.

Credit reporting basics

This guidance note starts with an outline of the credit reporting legal framework. It then explains the structure of Pt IIIA of the Privacy Act that relates to credit reporting, provides an overview of the rules, and explains selected key definitions, including “credit reporting business”, “affected information recipients”, “credit information”, “credit reporting information”, “credit eligibility information”, “CRB derived information” and “CP derived information”. “Notifiable matters” is a key CR Code concept, and its meaning is also explained.

See Credit reporting basics.

Spam Act basics

This guidance note explains how privacy legislation interacts with the Spam Act. The Spam Act prohibits the sending of unsolicited commercial electronic messages. Subject to compliance with some key rules, commercial electronic messages can be sent if the recipients have given express or inferred consent. These key rules, together with the concepts and definitions of commercial electronic messages, express consent and inferred consent, are explained. The Australian Communications and Media Authority enforces the Spam Act, and its role and functions are explained.

See Spam Act basics.