Information about an individual’s finances and credit worthiness is one of the most sensitive categories of personal information. The Privacy Act 1988 (Privacy Act) has strict provisions that apply to the handling of this type of personal information.

Credit providers (including banks, building societies, utility companies and telecommunications carriers) provide information about individuals’ activities in relation to consumer credit to central databases managed by credit reporting bodies (CRBs). CRBs are then able to include that information on the individual’s credit report. A credit provider can obtain a copy of an individual’s credit report from a CRB to assist them in deciding whether to provide an individual with consumer credit, or to manage credit that has been provided to an individual.

Part IIIA of the Privacy Act sets out the specific types of personal information that credit providers and CRBs are permitted to collect about an individual for the purpose of inclusion in that individual’s credit report. That Part also determines who is permitted to access an individual’s credit report and for what purposes. It also provides privacy safeguards in relation to the handling of the information.

Taken from the OAIC website, used under the Creative Commons 3.0 Attribution Australia licence.