Privacy law and credit reporting: Are you a credit provider?
In light of the new reforms under the Privacy Act 1988, new guidelines have become available to help companies understand the precise burden of their obligations when offering credit to customers. These reforms specifically affect direct-selling companies (DSOs).
Below we outline for our readers which organisations can be considered “credit providers” and the requirements that must be fulfilled in order to be considered a “credit provider”.
Are you a credit provider?
Although the DSO credit facilities are not governed by the National Credit Code, these companies can still fall under the scope of “credit provider” as per the purpose of the Privacy Act.
As a result of recent reforms under the Privacy Act, some organisations offering services to individuals could now be considered “credit providers” if the following are established:
Deferred payment for more than seven days or
An arrangement exists for leasing, renting, or hiring of goods.
This allows organisations other than banks and finance companies, which are the more traditional credit providers, to be placed under the same umbrella.
The other effect is that DSOs providing credit facilities even for smaller than usual amounts, or to the independent representatives, will be considered as credit providers.
Complying with the new credit reporting reforms under the Privacy Act
To ensure that your organisation is compliant with the changes under the Privacy Act, regulatory procedures and policies must be in place, outlining the most efficient ways to complete obligations in light of the new reforms. When creating these you must take into consideration the size and specific intricacies of your business. You must also make sure that these policies meet your obligations not only under the Privacy Act but also the Privacy Regulations 2013 and the Privacy (Credit Reporting) Code.
A credit provider must have:
A credit reporting policy;
A statement of notifiable matters and
Be a member of an external dispute resolution scheme when providing both consumer and commercial credit.
Statement of Notifiable Matters
The statement of notifiable matters must be clearly visible on your website, and it must be made obvious to any individual that they can request a copy of an alternative form. This statement is necessary if there is a possibility that you will be disclosing personal information to a Credit Reporting Body (CRB).
The statement of notifiable matters must include:
The name and contact details of the CRBs used by your business;
that the CRBs may include the information in reports to other credit providers to assist them in assessing the individual’s creditworthiness;
if the individual fails to meet repayment obligations in relation to consumer credit or commits a serious credit breach, you may be entitled to disclose this to the CRB;
how the individual may obtain your credit reporting policy;
the individual’s rights to:
access and seek correction of the credit information that you hold about them, and
make a complaint to you.
Be a member of an external dispute resolution scheme.
You must remember that under no circumstances can a DSO disclose information about individual credit eligibility to a CRB in the cases where such information is obtained from this individual’s repayment history. Permission to disclose this information is granted to parties holding an Australian credit license under the National Consumer Credit Protection Act.
Final guidelines
Having read the above guidelines, if you discover that your company is providing credit to consumers or independent representatives, the following are mandatory:
Have a credit reporting policy;
Address various credit-related matters in collection statements;
Have a statement of notifiable matters if the likelihood of disclosing personal information to a CRB exists and
Be a member of an external dispute resolution scheme to be able to disclose credit information about an individual to a CRB.
In the event that compliance is not fulfilled, immediate action must be taken to ensure full compliance.
What Should I Do Next?
Contact us if you would like further legal advice on privacy law and credit reporting that you think should be taken. Our lawyers at You Legal will be happy to assist you in whatever way we can.
* This blog is for general guidance only. Legal advice should be sought before taking action in relation to any specific issues.