PRIVACY ACT 1988 - SECT 21B Open and transparent management of credit information etc.
PRIVACY ACT 1988 - SECT 21B
Open and transparent management of credit information etc.(1) The object of this section is to ensure that credit providers manage credit information and credit eligibility information in an open and transparent way.
Compliance with this Division etc.
(2) A credit provider must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the provider's functions or activities as a credit provider that:
(a) will ensure that the provider complies with this Division and the registered CR code if it binds the provider; and
(b) will enable the provider to deal with inquiries or complaints from individuals about the provider's compliance with this Division or the registered CR code if it binds the provider.
Policy about the management of credit information etc.
(3) A credit provider must have a clearly expressed and up - to - date policy about the management of credit information and credit eligibility information by the provider.
(4) Without limiting subsection (3), the policy of the credit provider must contain the following information:
(a) the kinds of credit information that the provider collects and holds, and how the provider collects and holds that information;
(b) the kinds of credit eligibility information that the provider holds and how the provider holds that information;
(c) the kinds of CP derived information that the provider usually derives from credit reporting information disclosed to the provider by a credit reporting body under Division 2 of this Part;
(d) the purposes for which the provider collects, holds, uses and discloses credit information and credit eligibility information;
(e) how an individual may access credit eligibility information about the individual that is held by the provider;
(f) how an individual may seek the correction of credit information or credit eligibility information about the individual that is held by the provider;
(g) how an individual may complain about a failure of the provider to comply with this Division or the registered CR code if it binds the provider;
(h) how the provider will deal with such a complaint;
(i) whether the provider is likely to disclose credit information or credit eligibility information to entities that do not have an Australian link;
(j) if the provider is likely to disclose credit information or credit eligibility information to such entities--the countries in which those entities are likely to be located if it is practicable to specify those countries in the policy.
(5) A credit provider must take such steps as are reasonable in the circumstances to make the policy available:
(b) in such form as is appropriate.
Note: A credit provider will usually make the policy available on the provider's website.
(6) If a person or body requests a copy, in a particular form, of the policy of a credit provider, the provider must take such steps as are reasonable in the circumstances to give the person or body a copy in that form.
Interaction with the Australian Privacy Principles
(7) If a credit provider is an APP entity, Australian Privacy Principles 1.3 and 1.4 do not apply to the provider in relation to credit information or credit eligibility information.
Exemption for certain non - participating credit providers
(8) This section does not apply to a non - participating
credit provider.