Chapter 9
Definitions
Introduction
9.1
The Exposure Draft contains a range of new definitions. The committee
has already commented on the complexity of some of these definitions in chapter
3 of this report. The following discussion covers issues raised by submitters
about specific definitions.
Definitions contained in section 180
Consumer credit liability
information
9.2
The consumer credit liability information definition refers to certain
information, including the name of the provider, and the type of consumer
credit, where a credit provider provides credit to an individual. This
information includes four of the five new data sets.
9.3
The Communications Alliance commented that the provision of some consumer
credit liability information may result in added complexity for telecommunications
companies, for example, if the type of credit account requires detailed
explanations such as a post-paid mobile service, a home phone service, or an
internet service rather than simply specifying that a telecommunications service
has been provided. Other matters which will require clarification for
telecommunications companies include when an account for a telecommunications
service is considered to be 'opened', for example, upon the application being
approved, when the SIM card is activated (for a mobile service), upon first
use, etc. Similarly, information on when an account is considered to be
'closed' requires clarification as many telecommunications services can be 'deactive'
or unused for some months before actually being disconnected or having the telephone
number or email address cancelled.[1]
9.4
The Communications Alliance also noted that information on a credit
limit is problematic for most telecommunications services as there are no
'credit limits' as such. Instead, telecommunications customers have access to a
vast range of different products, services, pricing plans and spend control
tools. In addition, a 'credit limit' as used in the banking and financial
sectors, indicates a cut-off point where additional 'credit' is no longer
available to customers. This does not currently exist with post-paid telecommunications
services (although pre-paid services do function in this way).[2]
Court proceedings information
9.5
The Consumer Credit Legal Service WA (CCLSWA) commented that there was
ambiguity in the definition of 'court proceedings information'. The CCLSWA
noted that in Western Australia, summonses are routinely listed on consumers'
credit information files. This appears to occur only in Western Australia. The CCLSWA
pointed to cases where the listing of summonses has had a significant impact on
consumers' ability to obtain credit even though their liability has not been
established. In addition, the CCLSWA noted a summons remains on a credit
information files for four years even if proceedings are discontinued or the
claim is unsuccessful. This listing prevents consumers with summons on their
credit information file from obtaining credit regardless of whether a claim is
successful.
9.6
The CCLSWA voiced concern that the definition will allow the
continuation of this practice: the inclusion of 'information about a judgment' in
the definition could be interpreted widely to include the originating summons,
as currently appears to be the case. The CCLSWA argued that summonses should be
precluded from permitted content of credit information files.[3]
9.7
The Consumer Credit Legal Centre (NSW) (CCLC) noted that 'court
proceedings information' is defined as judgments in relation to 'any credit that
has been provided to, or applied for by, the individual'. CCLC was of the view that
only judgments should be relevant (no other proceedings) and only those
relating to 'credit'. CCLC provided the example of a dispute with a builder arising
from a contract to undertake work. The dispute may be over the quality of the
work, or the interpretation of the contract. In such a case, the fact that the individual
loses the dispute should not be relevant to the individual's credit eligibility
unless they fail to pay the judgment debt.
9.8
The CCLC concluded that to allow such information to be used 'undermines
the legal rights of individuals to conduct any form of civil dispute'. For the
same reason, court proceedings information that is publicly available
information should not be able to be provided as part of a credit reporting
information or credit report derived information supplied by a credit reporting
agency.[4]
Committee comment
9.9
The committee considers that any ambiguity about the definition of
'court proceedings information' should be addressed to ensure that summonses
cannot be listed on a consumer's credit information file.
Recommendation 25
9.10 The committee recommends that the definition of 'court proceedings
information' be reconsidered to ensure that summonses cannot be listed on a
consumer's credit information file.
Identification information
9.11
The definition of 'identification information' includes such information
as full name, date of birth and sex. The only form of government identification
included is a driver's licence. Some submitters argued that other data, for
example a passport number, or a State-issued identification card available for
those who don't or can't drive should be included. It was stated that the restriction
in the definition impacts on the ability of credit reporting agencies and
credit providers to meet other regulatory requirements (for example, Anti-Money
Laundering and Counter Terrorism Financing Act 2006 requirements) as well
as matching records supplied by various sources, thus potentially undermining
the goal of providing a credit report that is 'accurate, complete, and up to
date'.[5]
9.12
The Australian Finance Conference (AFC) also commented that the words 'alias
or previous name' should be clarified so that, notwithstanding the provisions
of the Acts Interpretation Act, it is clear that more than one alias or
previous name can be included as identification information.[6]
9.13
The Australian Privacy Foundation (APF) submitted that it would be
preferable for 'identification information' to be replaced with 'credit
identifying information'. This would ensure that the term which is credit
specific is not taken out of context and used as a precedent for other
contexts.[7]
Committee comment
9.14
The committee notes that the definition of 'identification information'
is based on the existing Privacy Commissioner Determinations under the
Privacy Act 1988 1991 No 2 (s.18E(3)) concerning identifying particulars
permitted to be included in a credit information file.[8]
In relation to use of government identifiers, the committee notes that the
general policy on the use of government identifiers is set out in Australian
Privacy Principle 9. The committee does not consider that the use of government
identifiers should include identifiers other than a drivers licence. Drivers
licences are currently used for identification purposes and any expansion to
include other identifiers may lead to targeting of databases for identity
fraud. However, the committee considers that matters in relation to Anti-Money
Laundering and Counter Terrorism Financing Act 2006 should be further
investigated to ensure that the definition does not restrict entities from
meeting their regulatory obligations.
Recommendation 26
9.15 The committee recommends that the definition of 'identification
information' be reviewed to ensure that it does not restrict the ability of
credit reporting agencies and credit providers from meeting other regulatory
requirements.
Section 181 – Meaning of credit information
9.16
The meaning of credit information includes 'publicly available
information about the individual'. The Office of the Australian Information
Commissioner (OAIC) submitted that this should be subject to further limits.
The OAIC stated it understood that this provision is to ensure that publicly
available information that credit reporting agencies may be collecting (not
currently captured under Part IIIA of the Privacy Act) is given adequate
privacy protections. The OAIC commented:
A key privacy issue in credit reporting is the need to limit
collection and sharing of personal information to that what is necessary and
relevant. There needs to be a clear distinction between what is relevant to
assessing eligibility for credit (and subject to additional regulation) and
other information. The definition of 'credit information' may be intended to
classify the limits of personal information that is relevant for CRAs to
provide to credit providers to assess individuals' creditworthiness. [9]
9.17
However, the OAIC was of the view that the current scope of 'publicly
available information' that may be included as 'credit information' seems
broad, and its limits are unclear. In particular, the OAIC pointed to the increasing
amount of personal information publicly available online, including from social
networking sites. While the relevance and accuracy of such information may be
doubtful (and give rise to an increasing number of complaints), it may fall
within the scope of subsection (k).[10]
In order to improve clarity and certainty, the OAIC recommended that additional
limitations be placed on subsection (k) of the 'credit information' definition.
Amendments could allow regulations, the new Credit Reporting Code, or rules
issued by the Information Commissioner, to further limit its scope or
specifically prescribe what publicly available information can or cannot be
included as 'credit information'.
Committee comment
9.18
The committee supports amendment of subsection 181(k) to provide greater
clarity and certainty for the meaning of 'publicly available information' as
proposed by the OAIC.
Recommendation 27
9.19 The committee recommends that section 181 be reviewed to provide for
greater clarity and certainty in the meaning of 'publicly available information'
as proposed by the Office of the Australian Information Commissioner.
Section 182 – Meaning of default information
9.20
The definition of 'default information' refers to the circumstances
where an individual is overdue in making a repayment relating to consumer
credit or under a guarantee. The issues in relation to the meaning of default
information went to the time lag in listing of a default, the inclusion of the
amount of $100 in the definition and statute barred debts.
9.21
The Australasian Retail Credit Association (ARCA) commented that the
meaning of default information in the current Privacy Act and the current
Credit Reporting Code of Conduct has been the source of much discussion and
difficulty in interpretation. In particular, the amount for which a default can
be listed, is the amount reported to the consumer 60 days ago, less any
payments but not any further charges or interest. ARCA stated that as a result,
the amount of the listing is not equal to the actual amount owed on the day of
the listing. Of further issue is the criterion for listing: as it is 'open
ended', defaults can be listed when the criteria is met, later or never at all.
Finally, ARCA stated it was expected that the Government would leave the detail
of the definition of default to be addressed in the new Code of Conduct, as
indicated in its response to the ALRC's recommendations.
9.22
ARCA also argued that the provisions for guarantor defaults place additional
requirements on credit providers prior to listing defaults against guarantors. It
appears that an additional 60 days must elapse, on the basis of having to wait until
60 days from the day on which the notice to the primary debtor was provided,
before listing a default against the guarantor.[11]
9.23
Both the Energy & Water Ombudsman NSW and Telstra commented on the
provisions requiring that the debt must be more than $100 or such higher amount
as prescribed by regulations. The Energy & Water Ombudsman NSW suggested an
increase to $300 to exclude small utility bills from the adverse consequences
of credit listing.[12]
Telstra however, stated that the threshold amount is an important issue to telecommunications
providers and others who provide ongoing services on a deferred payment basis. The
availability of effective credit management tools to deal with customers who
are very late in paying and have been warned of credit management action
impacts on the ability of telecommunications providers to offer 'post-paid'
services. Listing of those customers with a credit reporting agency assists in
controlling overall bad debts which benefits the majority of customers who pay
in a timely fashion. Telstra therefore suggested that the reference to the
regulations should be excluded as any further changes to the threshold amount
should be made with the full scrutiny of legislation, rather than regulations.[13]
9.24
Both Legal Aid Queensland and the CCLC noted that the Government
Response to ALRC Recommendation 58–1 accepted that there should be a
prohibition on the listing of any overdue payment where the credit provider is
statute-barred from recovering the debt. However, the CCLC argued that the
acceptance of this recommendation is not adequately reflected in the exposure
draft as:
Section 182(1)(c) is the only provision I can find which reflects
this section of the response. It stipulates that in order to be 'default
information' under the draft legislation the provider must not be 'prevented by
or under any Australian law from bringing proceedings against the individual to
recover the amount of the overdue payment'.
The problem with this drafting is that plaintiffs are
entitled to bring proceedings for statute barred debts and it is up to the
defendant to plead the statutory limitations as a defence. As a result the
above provision does not appear to be sufficient to meet the Government
commitment.[14]
9.25
Legal Aid Queensland (LAQ) commented:
The draft legislation does not allow a credit provider to
list default information in relation to an overdue payment if the provider is
prevented from bringing legal proceedings against the individual to recover the
amount of the overdue debt - S182(2)(e). Unfortunately the limitation of
actions legislation in various states do not prevent the credit provider from
bringing proceedings. Instead the law provides a complete defence to a consumer
on the ground that the debt is statute barred. To clarify the position, we
would support an amendment that if the individual has a complete defence under
any limitation of actions legislation, the credit provider is unable to list.
In addition, it appears that the restriction in the
legislation is limited to the party that provided the credit so that an
assignee of the debt or the debt collector may be able to list.[15]
Committee comment
9.26
The committee considers that concerns in relation to statute barred
debts should be investigated to ensure that the ALRC's recommendation is
adequately reflected in the credit reporting system.
Recommendation 28
9.27 The committee recommends that the meaning of 'default information' be
reviewed to ensure that statute barred debts are prohibited from being listed.
Section 184 – Meaning of new arrangement information
9.28
The ANZ Bank argued that the provisions of section 184 are a prohibitive
view of the provision of new arrangement information as borrowers and credit
providers often amend repayment arrangements prior to default occurring to
assist borrowers in the management of their finances. This includes temporary
hardship arrangements as a result of natural disasters. The ANZ Bank went on to
comment:
If credit providers are unable to disclose hardship
arrangements that are entered into prior to default it will result in adverse
repayment history being reported for the individual. The credit provider will
be required to disclose that the individual did not make their standard monthly
repayment even though they have entered into an alternative arrangement with the
credit provider.[16]
9.29
Westpac also commented that the current definition only allows for new
arrangement information to be reported when an account has previously been
listed as being in default. Arrangements are generally the result of a customer,
who is experiencing financial hardship, requesting assistance from a credit
provider. However, the majority of hardship cases occur prior to default,
including where hardship has resulted from a natural disaster. Westpac
recommended that the provisions be amended to allow for reporting of
'pre-default' arrangements in this context in order to distinguish a temporary
inability to pay from unwillingness to pay.[17]
Comments on new arrangements are also provided in the discussion on complaints
handling in chapter 5.
Section 187 – Meaning of repayment history information
9.30
Section 187 provides the meaning of 'repayment history information' such
that if a credit provider provides consumer credit to an individual, certain
information about the consumer credit is repayment history information. That
information relates to whether or not an individual has met a monthly payment
that is due and payable in relation to the consumer credit; the day on which
the monthly payment is due and payable; and if the individual makes the monthly
payment after the day on which the individual makes the payment — the day on
which the individual makes that payment.[18]
Regulations will also make provisions in relation to meeting an obligation to
make a monthly payment and whether or not a payment is a monthly payment.
9.31
The CCLC did not support the inclusion of repayment history in credit
reports as it considered that improved risk assessment can be met through the
provision of other information now permitted to be collected, including current
accounts, open and closing dates, and available credit limit.[19]
9.32
The CCLC also compared the requirement for a payment to be 60 days
overdue before a default can be entered on a credit report, with the notification
provisions and the opportunity provided to rectify that default with the
repayment history proposals, which contain no such protections. The CCLC
concluded that the introduction of repayment history information will:
- lead to more potential errors because of the sheer volume of
information being exchanged;
- make it difficult for consumers to keep track of whether their
credit report is accurate or not;
- lead to a proliferation of complaints about timing issues; and
- lead to more risk-based pricing in the market place – that is
consumers who pay late may not be denied credit but charged more for it,
placing self-employed consumers, those with insecure sources of income, and those
who are in temporary hardship due to circumstances beyond their control, at a significant
disadvantage. Credit providers can already deal with late payers by imposing
late payment fees. However, late fees cease being charged once a consumer is
back on track, or has entered into a formal hardship arrangement. If these
consumers are charged more for credit in future, then a temporary problem
becomes entrenched.[20]
9.33
The Credit Ombudsman Services Limited (COSL) also commented on the
provisions for default listing and repayment history information. The COSL
stated that some of the debate about what information should be adjusted before
repayment history information is reported, has arisen because there is confusion
between repayment history and default listings. Default listings can only be made
if certain requirements are satisfied, and once made are clearly an adverse
reflection on the customer's credit worthiness. However, repayment history is 'simply
a month by month reporting of the timeliness of payments made by the customer and
in itself is neither beneficial nor prejudicial'.[21]
9.34
Legal Aid Queensland (LAQ) commented that its support of more
comprehensive credit reporting, including repayment history, was based on the
precondition of a responsible lending framework. The LAQ argued that the
provisions did not provide for responsible lending for all types of consumer
credit and therefore the reporting of credit histories should be delayed until
phase 2 of the current credit reforms are introduced.[22]
Meaning of repayment history
information
9.35
The APF stated that the definition of 'repayment history information'
does not clarify some outstanding issues about what is to be permitted and the
format in which it can be recorded, and the extent to which the detail on this
will be included in regulations and/or the Code.[23]
The CCLC also commented that some matters are not clear including how the
information will be recorded and when an affected individual will be notified
about adverse information on their credit report. The CCLC went on to state
that these issues are too important to be left to regulations and that they
should be included in the primary legislation.[24]
9.36
ARCA commented that the provisions do not give certainty to a credit
reporting agency's ability to provide a credit provider with 24 months of
repayment history, nor do they provide certainty to the right of credit
providers to provide credit reporting agencies with an initial download of
repayment history. ARCA concluded that without the ability to make these
initial transfers of information, 'the benefits of allowing for the reporting
of repayment history will not accrue for many months or years'.[25]
Westpac argued that the definition of repayment history information is likely
to introduce practical complexity given the level of detail required.[26]
9.37
Veda Advantage saw the definition as 'very product specific' and
therefore unhelpful. Veda Advantage was of the view that the definition should
be more generic as the term can be well understood from other sources, for
example, guidelines or codes.[27]
9.38
A further matter raised in submissions is that the definition of
repayment history information only relates to monthly payment arrangements. It
was noted that many credit arrangements are based on different repayment
periods, such as weekly or fortnightly.[28]
The ANZ Bank noted that there is provision for regulations to further define
monthly payments. However, the ANZ Bank preferred that section 187 be amended
to allow for repayment arrangements that are not monthly rather than this being
dealt with by the regulations.[29]
Access to repayment history
information by non-licensees
9.39
Citigroup also raised the issue of access to repayment history
information by charge card issuers. For example, Diners Club issue charge cards
and are exempt from the obligation to maintain an Australian Credit Licence
under the National Consumer Credit Regulations. However, the Exposure Draft
permits certain disclosures only to licensees, for example, subsection 108(4)
prohibits a credit reporting agency from disclosing credit reporting
information that is or was derived from repayment history, unless the
disclosure is to a credit provider that is a licensee and subsection 132(2) limits
disclosure of repayment history to credit reporting agencies by a credit
providers that are licensees. As a result Diners Club is unable to receive or
provide repayment history information including from related corporate bodies
such as Citi.[30]
9.40
Citigroup stated that:
We assume that this is an unintended consequence of the
legislation as the effect to exclude charge card providers from the benefits of
enhanced reporting appears illogical. That a business is structured in such a
way so as to not require an Australian Credit Licence should not in itself mean
that it is inappropriate for that business to have access to repayment history
information.[31]
9.41
In order to address this concern, Citigroup proposed that:
- references in the exposure draft to 'licensee' be replaced by 'licensee
or exempted credit provider'; and
- a new definition of 'exempted credit provider' be inserted into
the Act to read:
Exempted credit provider means any
provider of credit under a credit contract to which Schedule 1 of the National
Consumer Credit Protection Act would apply but for an exemption under that Act.[32]
9.42
The Communications Alliance also commented on the access to repayment
history information by non-licensees as telecommunications providers are not
holders of Australian Credit Licences. While most members of the Alliance were
supportive of this approach, some providers expressed an interest in being able
to opt-in to disclose repayment history information to credit reporting
agencies.[33]
Grace periods
9.43
The CCLC argued that there should be a minimum grace period included in
the regulations to ensure that payment system delays and minor oversights are
not captured in the reporting system. This, it was argued, would lead to 'an
explosion of complaints and potentially inaccurate data'. The CCLC noted that
those opposed to a grace period argued that consumers quickly learn what the
grace period is and start treating the end of the grace period as the due date.
While acknowledging that this may occur, the CCLC was of the view that there
will be fewer complaints as a result of payment system delays and minor oversights
if a grace period was allowed.[34]
9.44
The COSL also commented on 'innocent' late payments, that is, payments
which are received late because of matters beyond the control of the customer.
The COSL observed that although this is equally likely to affect all customers,
it is unlikely to occur so frequently on any individual's credit record to
affect a lender's overall assessment of their credit history or
creditworthiness. The COSL concluded that:
The integrity of the system requires it to contain an objective
record of borrowers' actual repayment histories, reported in a timely and
consistent manner. There are many reasons why a customer's payment may be late,
and a repayment history database may not necessarily be the most appropriate
place for all of those reasons to be identified and recorded. If certain late
repayments were to be excused, that is to say, regarded as not being late, it
would appear that:
- the customer's record would show
that the payment was made on time, when this was actually not true;
- apart from issues about the
factual accuracy of the record, its integrity would be further challenged by
the potential for concerns about the consistency with which such exemptions
were managed in practice;
- excluding late payments for
apparently meritorious reasons will make credit reports factually inaccurate
and/or incomplete, and may also serve to conceal important information or
trends and may lead to mis-interpretation of credit reports; and
- every exemption, allowance or
concession made in relation to the reporting of a late repayment effectively
diminishes the value to all customers of repayments that they do make on time,
and devalues the overall impact of more comprehensive credit reporting by
making it impossible to identify borrowers who truly do have a faultless
repayment history.[35]
Notification of late payment
listing
9.45
The CCLC observed that there is no provision for consumers to be
notified if a late payment is to be listed. The CCLC argued that this is
'totally inadequate and procedurally unfair'. While the Department of the Prime
Minister and Cabinet has indicated that this matter will be dealt with in the
regulations, the CCLC submitted that the regulations for such notifications
must be time specific and prescribe the form in which the notification is to be
given.[36]
Hardship
9.46
The issue of hardship flags on credit reporting histories is discussed
in chapter 4.
Committee comment
9.47
The committee has noted the comments in relation to grace periods. The
committee understands that grace periods are available in some overseas
jurisdictions including the United Kingdom. The committee considers that there
are benefits in the provision of grace periods in relation to information in
repayment histories.
Recommendation 29
9.48 The committee recommends that consideration be given to the inclusion of
provisions for grace periods in relation to information in repayment histories.
Section 188 – Meaning of credit provider
9.49
The definition of credit provider includes banks, certain agencies,
organisations or small business operators. The concept of credit provider is
broader under the new regime. For example, organisations or small business
operators will be credit providers where they carry on a business or
undertaking where a substantial part of that business or undertaking involves
the provision of credit. Other organisations or small business operators may
also be credit providers if they provide credit in connection with the sale of
goods, the supply of services, or the hiring, leasing or renting of goods.[37]
9.50
The APF and Consumer Action both welcomed the exclusion of real estate
agents, general insurers and employers from the definition of 'credit provider'
but commented that the precise effect is unclear. Specifically, they submitted
that the use of credit reporting for assessing potential tenants should be
prohibited, as businesses other than real estate agents can and do undertake
the management of rental properties (including landlords).[38]
9.51
The Financial Counsellors' Association of Queensland commented that the
'simplified' definition of credit provider could open the way for agencies that
purchase debts to have a wider access to information contained in credit
reports. These agencies then use the information to 'badger' consumers. The
Association considered that agencies that purchase debts should only have
restricted access to credit reporting information and should only have access
to report that the account they purchased has been finalised.[39]
9.52
The CCLSWA voiced concern regarding the inclusion of small business
operators in the definition of 'credit provider'. It stated that this will
enable unsophisticated 'credit providers' to list defaults and access
consumers' credit information files without understanding the credit reporting
system or its effects on consumers. As a consequence, privacy breaches may
occur and the actions of unsophisticated 'credit providers' may materially
affect a consumer's ability to obtain credit without having the understanding
of the privacy laws. CCLSWA submitted that the definition of 'credit providers'
be restricted to those listed in subsection 188(1) of the Exposure Draft.[40]
9.53
The committee received submissions from the Communications Alliance and
Optus on the effect of the definition on telecommunications providers. It was
noted that under the Privacy Act,
the Privacy Commissioner is able to make a determination that certain
classes of corporations are to be regarded as credit providers for the purposes
of the Privacy Act. Telecommunications companies are deemed to be credit
providers by virtue of such a determination: the Credit Provider Determination
No. 2006–4 (Classes of Credit Providers) as telecommunications companies
provide goods or services on terms that allow deferral of payment for at least
seven days.
9.54
However, it was argued that telecommunications companies use credit
information in a vastly different way to banks and other financial sector
entities as they provide
goods and services to customers and allow them to pay after they have
used the goods or services. Any 'trade credit'
provided is only for use of those specific telecommunications products and
services. It is not discretionary credit which can be spent on anything (like a
credit card) or a large loan of money (such as for a mortgage or a car loan).
Further, the 'trade credit'
is provided on a fixed payment cycle; that is, the customer is required
to pay in full each month for the telecommunications services they have used.
9.55
The Communications Alliance stated that access to, recording of and use
of credit information by telecommunications companies is entirely different to
that of traditional credit providers and is not taken into account in the
Exposure Draft. As a consequence, the Communications Alliance suggested that
the Exposure Draft be reviewed with the following objectives:
- determining whether each of the 'credit provider' rules is
relevant across all industries; and
-
if not, removing them from the Exposure Draft and instead
allowing them to be dealt with in the Credit Code which is to be developed by a
cross-sectoral industry group.
9.56
The Communications Alliance advised the committee that the Department of
the Prime Minister and Cabinet had indicated at the Credit Reporting Roundtable
held on 10 February 2011 that the Government is supportive of a Credit Code
which would contain different rules for each of the different 'credit provider'
types/industry sectors. The Communications Alliance concluded:
If telecommunications providers are to be required to comply
with this new legislation, then it needs to be re-written to allow sufficient
flexibility for different sectors, or be simplified and have more matters dealt
with under the Credit Code for this same purpose.[41]
9.57
Optus also commented on the differences between telecommunications
companies and traditional credit providers. Optus stated:
It is critical to us, therefore, to ensure that – just as we
do not require additional data sets that are important to other types of credit
providers – we are not captured by some of the new obligations requiring us to
contribute additional data to the credit reporting agencies.
Any changes to the information we need to provide to the
agencies will require upgrades to our computer systems, changes to internal
processes and training hundreds of staff members. As the Committee can imagine,
the costs of undertaking such tasks are not low – particularly where systems
changes are involved.[42]
Committee comment
9.58
The committee notes the concerns of the APF and Consumer Action in
relation to the use of credit reporting information for assessing potential
tenants. While real estate agents are excluded from the definition of credit
provider, it was argued that other entities manage rental properties. The
committee considers that clarity regarding this matter could be provided in the
Explanatory Memorandum.
9.59
The committee also notes the advice from the Department of the Prime
Minister and Cabinet regarding the provision of different rules in the Code of
Conduct for different types of credit provider and/or industry sector. The
committee considers that use of the Code in this way would ensure flexibility
of approach and recognition of the business practices of different industries.
Section 192 – Meaning of access seeker
9.60
Section 192 provides a meaning of access seeker in relation to credit
reporting information or credit eligibility information, about an individual
as:
- the individual; or
- a person who is assisting the individual to deal with the credit
reporting agency or credit provider and who has been authorised in writing by
the individual to make a request. The person cannot be a credit provider, a
mortgage insurer, trade insurer or a person prevented from being a credit
provider under the Act.
9.61
The ALRC recommended (Recommendation 59–3) that a provision equivalent
to subsection 18H(3) be included in the credit reporting provisions so that an
individual may access their credit reporting information, for a credit-related
purpose, with the assistance of a person authorised in writing. The Government
accepted this recommendation and commented that this stringent approach was
required so that credit reporting information does not become accessed for
non-credit related purposes which would in turn undermine the role of credit
reporting regulation. However, the Government went on to note that it was not
intended to place onerous restrictions on third parties assisting individuals
to communicate with credit reporting agencies or credit providers. The
Government indicated that it would encourage the Office of the Privacy
Commissioner to provide guidance on appropriate third party access to credit
reporting information.[43]
9.62
The National Relay Service (NRS) commented that section 192 could be
interpreted as covering someone in the role of relay officer. If this is the
case, the NRS stated that it would imply that the NRS caller would need to
provide prior written permission to the credit provider for the relay officer
to be on the line because the relay officer would, in fact, be the 'access
seeker'. While the Government response indicated that this was not intended to
be an onerous restriction, the NRS considered that was indeed the case.
Further, the NRS stated that this would also be impractical and it was 'concerned
that it could reduce the NRS's ability to achieve its legislated intent'.[44]
9.63
The NRS provided the committee with three scenarios to illustrate that
the proposed provisions would be:
- personally onerous as whether written authorisation can be
obtained during a phone call from the customer via the NRS relay officer will
depend on the call type the customer uses. For example, In Speak and Read, and
Speak and Listen calls, customers use their own speech. Because the individual
does not write during these calls they cannot give written consent via the NRS
relay officer. Written consent will be required before making a call for credit
information purposes through the NRS. The time delay in accessing, completing
and returning an authorisation form is onerous and often severely disadvantages
the NRS caller. As well as the time delay, some NRS callers [particularly Speak
and Listen callers who often have multiple disabilities] may need assistance
completing and signing an authorisation form.
- operationally impractical as it is unclear whether authorisation
forms need a specific named individual or whether general wording such as 'any
person employed in the role of Relay Officer by the party contracted by the
Commonwealth to provide the Relay Service' would be suitable. Specifically
naming an individual would be prohibitive as any of the 120 relay officers may
take the call. In addition, all relay officers use pseudonyms to protect their
anonymity as their real names are kept confidential; and
- potentially conflicting if a relay officer is considered to be
'an access seeker', it may work against the legislated intent of the NRS – that
the Relay Officer is a silent/ hidden/ minor party in the conversation and only
relays what is said by either of the two parties.
9.64
The NRS concluded that it is concerned that the need for authorisation
of a relay officer could reduce trust in the NRS and, overall, reduce the NRS's
ability to achieve its legislated intent.[45]
9.65
The OAIC also commented on the 'access seeker' provision in relation to
the NRS. The OAIC stated that the provisions may not take sufficient account of
situations where individuals obtain access using the NRS and the need for
individuals to provide written authorisation may be problematic. The OAIC noted
that the Privacy Act currently only requires written authorisation for third
parties that access information 'on behalf of an individual'. The ALRC took the
view that the NRS was not involved in accessing information 'on behalf of an
individual' and therefore written authorisation was not required under the
current provisions. The OAIC noted that the ALRC, partly for this reason, did
not recommend and express exception from the requirement to give written
authorisation for users of the NRS. However, the OAIC commented that the
Exposure Draft uses the term 'assists' rather than 'on behalf of' and, as such,
it may require users of the NRS to provide written authorisation.
9.66
The OAIC suggested that the views of the NRS and its customers be sought
to ensure the best outcome under the new credit reporting regime. Subject to
those considerations, and the need for supplementary safeguards, the OAIC
recommended that either:
- an express exception from the requirement for written
authorisation be included in the Exposure Draft for persons assisting an
individual using the NRS to access their credit-related information; or
- the language used in the definition of 'access-seeker' be modified
to take into account situations where an individual uses the NRS.[46]
9.67
Experian noted that there are certain entities, including real estate
agents, which cannot be access seekers. Experian welcomed this provision but
submitted that these exceptions alone do not place sufficiently stringent
constraints on the types of entities that can obtain access to credit
information on the basis of authorisation by an individual. It was noted that the
ALRC recognised that third party access regimes are vulnerable to being used as
a 'backdoor' means to allow entities, who are prohibited from obtaining credit
information, to get indirect access to such information for non-credit related
purposes. The Government Response also emphasised the need for stringent controls
to 'assist in ensuring that credit reporting information does not become
accessed for non-credit related purposes which would in turn undermine the role
of credit reporting regulation'. Experian submitted that the Exposure Draft
provisions should enable credit reporting agencies and credit providers to
distinguish between applications by third parties who are genuinely assisting
the individual in obtaining access to their credit information, and those where
the third party is seeking to obtain access to information for its own
purposes.[47]
Committee comment
9.68
The committee considers that the ability of individuals to access their
credit reporting information with assistance from the NRS should not be hampered
by onerous restrictions. However, as both the OAIC and the NRS have indicated,
it is unclear whether the Exposure Draft requires individuals who use the NRS
to access credit reporting information to provide written authorisation. To
many individuals, the need to provide written authorisation may be problematic.
In addition, this does not reflect the provisions of the current Privacy Act.
9.69
The committee considers that section 192 should be reviewed to ensure
that onerous conditions are not placed on individuals accessing their credit
reporting information via the NRS. The committee also recommends that the
Department of the Prime Minister and Cabinet consult with the NRS and the
Office of the Australian Information Commissioner to ensure that the most
appropriate outcome is achieved.
Recommendation 30
9.70 The committee recommends that section 192 be reviewed to ensure that
onerous conditions are not placed on individuals accessing their credit
reporting information via the National Relay Service, in particular the need to
provide written authorisation. Further, the committee recommends the Department
of the Prime Minister and Cabinet, in undertaking the review, consult the
National Relay Service and the Office of the Australian Information
Commissioner.
Section 194 – Meaning of credit reporting business
9.71
The meaning of 'credit reporting business' includes a business that involves
collecting, holding using or disclosing personal information about individuals
for the purpose of, or for purposes including the purpose of providing an entity
with information about the credit worthiness of an individual. Exemption by
regulation is provided for.
9.72
Submitters commented that the definition of credit reporting business
appears to remove the dominant purpose test that exists in the definition
contained in the current Privacy Act. There was concern that the omission of a
dominant purpose test may lead to other organisations being 'unintentionally
captured' by the definition contained in the exposure draft, for example, a
credit provider such as a bank.[48]
The Australian Institute of Credit Management (AICM) commented that:
On a day-to-day basis, credit reporting currently functions
within an industry code of conduct, governed by specific industry legislation
and overseen by privacy regulators. It is an activity that has a unique set of
obligations and remedies, and non-compliance carries substantial penalty. AICM
is concerned that organisations which provide credit may unintentionally come
within the definition of a credit reporting agency and as previously indicated
be obliged to meet additional regulatory and compliance burdens.[49]
9.73
The AFC also noted the Government's intention to remove the dominant
purpose test 'so that any business that engages in credit reporting regardless
of whether it is a large or small component should be regulated' as a credit
reporting agency. However, the AFC stated that as a result the definition of
credit reporting business may be unintentionally broader than the Government's
policy. The AFC provided the following example to illustrate its view:
...a current common industry practice for credit providers
who are looking to offer credit is the exchanging of credit references with
other credit providers. A normal component of this involves disclosing (with consent)
personal information of a customer (existing or past) for the purpose of
providing another entity with information about the individual’s history in
relation to consumer credit (ie s. 180 defined credit worthiness of an
individual). We understand that this practice is intended to be allowed to
continue. As a consequence, as currently drafted any AFC credit provider member
may meet the definition of a credit reporting business if it were to continue
this practice. It would also likely meet the definition of an organisation (s.
17) and consequently be caught within the definition of a CRA (s. 180). We
query whether this was intended. The inclusion of s. 194(3) adds a further
aspect to our concern. We understand the intention was positive; namely, to
ensure information sharing between related entities could continue without them
being regarded as a CRA. However, it also potentially has the negative outcome
of effectively indicating that a credit provider can fall within s. 194(1)
without doing more than conducting its business of credit provision and
consequently would be a CRA. We understand this was not the Government's
intended outcome.[50]
9.74
While there is a regulation making power to exempt business or
undertakings from the definition, the AFC argued that it would be preferable
for the definition to be narrowed so that the practice of a credit provider engaging
in credit reference exchanges with another credit provider does not constitute
a credit reporting business or undertaking and consequently will not meet the
definition of a credit reporting agency.[51]
9.75
Veda Advantage provided similar comments in relation to the dominant
purpose test and stated that it should be reinstated to ensure a clear
compliance framework. Veda went on to state that the definition is 'wide
reaching' and 'then proposes exemptions through regulation. This creates
uncertainty as it becomes possible for organisations to be regarded as
conducting a credit reporting business on an incidental, temporary or transient
basis'.[52]
In addition:
This would make it very difficult (if not impossible) to have
a stable, permanent and transparent compliance environment required to support
credit reporting activity or activities.
It would also impact on the rights of consumers when it comes
to enforcing their rights and the ability of regulators to audit and otherwise
undertake enforcement activities as these relate to credit reporting.[53]
Committee comment
9.76
Submitters were strongly of the view that a dominant purpose test should
be included in the meaning of credit reporting business. However, the committee
notes that the Government's response in this regard was clear:
The Government proposes to remove the 'dominant purpose' test
from the definition of 'credit reporting business' as it is concerned that any
relevant business, regardless of whether credit reporting is a large or small
component of its activities, should be covered by the credit reporting
provisions. This would continue to allow a business to engage in other
activities unrelated to credit reporting without being covered by the credit
reporting provisions to the extent that the business activity is not being
conducted for a credit reporting purpose.[54]
9.77
The committee therefore does not support the inclusion of a dominant
purpose test.
9.78
In relation to the specific example provided by the AFC, the committee
understands that a credit provider providing information to another credit
provider is permitted under section 137 (if consent is given). If credit
providers exchange information that does not fall within the definition of
credit eligibility information, that is non-credit information, the exchange is
covered by APP 6.
Navigation: Previous Page | Contents | Next Page