• Specific Year
    Any

PRIVACY ACT 1988 - SECT 20Q Security of credit reporting information

PRIVACY ACT 1988 - SECT 20Q

Security of credit reporting information

  (1)   If a credit reporting body holds credit reporting information, the body must take such steps as are reasonable in the circumstances to protect the information:

  (a)   from misuse, interference and loss; and

  (b)   from unauthorised access, modification or disclosure.

  (2)   Without limiting subsection   (1), a credit reporting body must:

  (a)   enter into agreements with credit providers that require the providers to protect credit reporting information that is disclosed to them under this Division:

  (i)   from misuse, interference and loss; and

  (ii)   from unauthorised access, modification or disclosure; and

  (b)   ensure that regular audits are conducted by an independent person to determine whether those agreements are being complied with; and

  (c)   identify and deal with suspected breaches of those agreements.

  (3)   Without limiting subsection   (1), if a credit reporting body holds credit reporting information, the body must store the information:

  (a)   either:

  (i)   in Australia or an external Territory; or

  (ii)   in accordance with any security requirements prescribed by the regulations for storing the information outside of Australia and the external Territories; and

  (b)   in accordance with any security requirements prescribed by the regulations.

Note:   Requirements prescribed for paragraph   (b) apply wherever the information is stored.