THE OFFICE OF THE PRIVACY COMMISSIONER
Spacer GifHOME > Federal Privacy Law > 2008 - Complaint Case Note 17 Spacer Gif Spacer Gif Spacer Gif Spacer Gif
Spacer Gif
Spacer Gif Federal Privacy Law
Spacer Gif Bullet Privacy Act
Spacer Gif Bullet Privacy Act Regulations
Spacer Gif Bullet Public Interest Determinations
Spacer Gif Bullet Guidelines
Spacer Gif Bullet Complaint Case Notes & Determinations
Spacer Gif Bullet Audits
Spacer Gif Bullet Information Privacy Principles
Spacer Gif Bullet National Privacy Principles
Spacer Gif Bullet Private Sector Codes and Opt-in Registers
Spacer Gif Bullet Credit Reporting
Spacer Gif Bullet Health
Spacer Gif Bullet Telecommunications
Spacer Gif Bullet Tax File Numbers
Spacer Gif Bullet Spent Convictions
Spacer Gif Bullet Data-matching
Spacer Gif Bullet Privacy Advisory Committee
Spacer Gif Bullet Private Sector Review 2005
Spacer Gif Bullet ALRC Privacy Inquiry 2006 - 08
Spacer Gif Bullet Privacy Law History
Spacer Gif SPECIFIC PRIVACY
INFORMATION FOR:
Spacer Gif > Individuals
Spacer Gif > Business
Spacer Gif > Health
Spacer Gif > Government
Horizontal Rule
Spacer Gif > Federal Privacy Law
Spacer Gif > About the Office
Spacer Gif > Frequently Asked Questions
Spacer Gif > IT and Internet Issues
Spacer Gif > Media and Speeches
Spacer Gif > Publications
Spacer Gif > Privacy Links
Spacer Gif > International
Spacer Gif > Contact us

Spacer Gif

2008 - Complaint Case Note 17

View printable version of this page

PDF, Word

Case Citation:

Q v Credit Provider [2008] PrivCmrA 17

Subject Heading:

Unauthorised access to consumer credit information files or credit reports by a credit provider

Law:

Section 18S and section 18J(1) of Part IIIA of the Privacy Act 1988 (Cth)

Facts:

The complainant alleged that when they obtained a copy of their consumer credit information file (credit file), they found that a telecommunications company with whom they had previously had an account was listed as having accessed their credit file. That access occurred as recently as several months prior to the complaint being made, yet the complainant claimed that they had not had an account with the telecommunications company for a number of years and there was no valid reason for the company to have accessed their credit file.

The complainant contacted the telecommunications company to enquire as to the reason it had accessed their credit file. The complainant was advised that the telecommunications company had accessed their credit file as part of 'routine check on all current and past members'.

The complainant was dissatisfied with this explanation and made a complaint to the Privacy Commissioner.

Issues:

Section 18S of the Privacy Act places restrictions on the circumstances in which a credit provider can access an individual's consumer credit information file. It permits access to credit files in the possession of a credit reporting agency where authorised by the Privacy Act.

Additionally, explanatory note thirty-seven (37) of the Credit Reporting Code of Conduct states that a credit provider may only obtain access to a credit report issued by a credit reporting agency if the credit provider is permitted by law to be given the information by the credit reporting agency.

Section 18J(1) of the Act requires that credit providers take reasonable steps to ensure that the personal information contained within individuals' consumer credit report is accurate, up-to-date, complete and not misleading.

Outcome:

The Privacy Commissioner opened an investigation into the matter under section 40(1) of the Privacy Act.

The Privacy Commissioner formed the view that although section 18S of the Act places restrictions on the circumstances in which a credit provider can access an individual's consumer credit information file, section 18J(1) of the Act requires that credit providers take reasonable steps to ensure that the personal information contained within individuals' consumer credit report is accurate, up-to-date, complete and not misleading.

In fulfilling its obligation under section 18J(1), the Privacy Commissioner does not consider it unusual or inappropriate for a credit provider to access that portion of an individual's consumer credit information file that relates specifically to a default listing recorded by that credit provider.

Investigation revealed that in this instance, the telecommunications company accessed only that part of the complainant's credit file that related to the default listing made by the telecommunications company.

Further, the telecommunications company advised that it had not accessed that part of the credit file for the purposes of 'routine check on all current and past members' as it had initially advised the complainant. Instead, it had specifically reviewed a number of already listed defaults to ensure that the listings were accurate, complete, up-to-date and not misleading, in accordance with section 18J of the Privacy Act. The default the telecommunications company had listed on the complainant's credit file several years earlier, was one of those being reviewed.

The Privacy Commissioner formed the view that the circumstances in which the telecommunications company had accessed the complainant's credit file were authorised by section 18J(1) of the Privacy Act, and therefore the telecommunications company was not in breach of section 18S of the Privacy Act.

The Commissioner closed the investigation of the complaint under section 41(1)(a) of the Privacy Act, on the basis that there had in the circumstances described been no interference with the complainant's privacy.

OFFICE OF THE PRIVACY COMMISSIONER

June 2008



Spacer Gif> Privacy Policy Spacer Gif> Copyright Spacer Gif> Site map Spacer Gif> Join Email List Spacer Gif> Glossary Spacer Gif> Calendar Spacer Gif> Newsletter