New laws to aid in correcting your credit report: Privacy Awareness Week 2013

 In Broker, Consumer, Industry News, Privacy Commissioner

correcting credit reportsThere are a number of significant changes which will impact the correction of credit reports coming through once Privacy Act 1988 (Cth) amendments are implemented in March 2014. As part of Privacy Awareness Week 2013 and this week’s theme Privacy Law Reform, we thought it would be fitting as credit repairers to stipulate those changes that may benefit consumers in the area of disputing unfair or inconsistent credit listings. There is a whole host of new information available to Credit Providers, and with this there will be an increased obligation for Credit Providers to provide accurate, up-to-date and fair information. When correcting their credit report, obviously each consumer will need to draw on different aspects of Privacy Legislation when making their case to dispute their credit listing, and this is why full knowledge of all available privacy legislation both current and new is the key to disputing credit listings. But we look at the new Australian Privacy Principles, and how they are currently interpreted in the draft Credit Reporting Code  of Conduct when it comes to access and correction of credit information.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and

PrivacyWeek-Banners-R1 - 2013-3

Australian Privacy Principles

The National Privacy Principles (NPP) has up till now been the legislation which underpins the access and correction of Australian credit reports. Come March 2014, this legislation will become the Australian Privacy Principles (APP). There have been some long awaited changes in the area of access and correction. Currently, NPP 6 covers both access and correction, and this will be split into two separate principles APP’s 12 (access) and 13 (correction) come March 2014.


Access involves the request for individuals to access information a company holds about them, and it is an important part of Privacy legislation for credit repair. Having full access to your personal information allows you, for instance, to be privy to all the information a Credit Provider may hold about you and your account, including their client notes and their copies of documentation. To have this information is essential in order to go through and make your case for disputing a credit listing which you believe is inconsistent.

APP 12.4 introduces a new requirement for organisations to respond to a request for access within a reasonable period, and in the manner requested by the individual, if it is reasonable and practicable to do so. This will be of great benefit to consumers, as it stipulates the requirement for timeliness when requesting information from Credit Providers. Many of our clients, and indeed individuals have experienced a significant delay in receiving, if not outright refusal to provide such information. To have a Credit Provider not provide this information can stop a case for dispute in its tracks.


Currently, if an individual is able to establish that their personal information is not accurate, complete and up-to-date, an organisation must take reasonable steps to correct the information (NPP 6.5). If the organisation and the individual disagree about the accuracy, completeness and currency of the information, the organisation must attach a statement to the information noting this, if the individual requests it to do so (NPP 6.6).

Up till now, it has in many cases been difficult for individuals to establish that information is inaccurate, particularly when the Credit Provider disagrees with this claim. It has been up to the individual (or credit repairer) to go about proving the information is inconsistent.  Many individuals have no skill set for establishing proof of inaccuracy, as it requires extensive knowledge of legislation, as well the legal knowledge to negotiate with a very experienced Credit Provider.

The Privacy Commissioner explains the finer points of new legislation to help consumers with correction in its reference material on the new Australian Privacy Principles (PDF):

APP 13 amends the requirement in NPP 6.5 for an individual to establish that their personal information is not accurate, complete and up-to-date.

Instead, if:

an organisation is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete or irrelevant or misleading, or

the individual to whom the personal information relates requests the organisation to correct the information

the organisation must take reasonable steps to correct the personal information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading.

If an organisation corrects personal information about an individual that it has previously disclosed to another APP entity, the organisation must take reasonable steps to notify the other APP entity of the correction, where that notification is requested by the individual (APP 13.2).

APP 13.3 requires an organisation to provide an individual with written notice if it refuses to correct the personal information as requested by the individual. The written notice must set out:

the reason for refusal (unless this would be unreasonable)

the mechanisms available to complain about the refusal, and

any other matter prescribed by regulation.

If an organisation refuses to make a correction, and an individual requests that a statement be attached to the record stating that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, the organisation generally needs to attach this statement in a way that will make the statement apparent to users of the information (APP 13.4).

APP 13.5 introduces a new requirement for an organisation to respond to a correction request within a reasonable period. The organisation must not charge the individual for making the request, for correcting the information or for associating the statement with the personal information (APP 13.5).

So in lay-man’s terms, it will be up to the Credit Provider, if it refuses to correct the personal information requested by an individual, to provide reasons as to why it has refused to correct the credit report, and to provide direction to the consumer about how to complain if necessary. On top of this, if the Credit Provider refuses to correct a credit report, individuals may be able to request that a statement be attached to their record showing that the information is considered by them to be inconsistent.

Credit Reporting Code of Conduct

Interpretation of APP’s will be set out in a new Credit Reporting Code of Conduct. Currently this document is in draft stage. There are many significant points for correcting credit reports right through this document, but in the particular area of access, correction and complaint we have these changes:


Access to information will be

-free every 12 months

-free if it relates to a CP’s decision to refuse credit The CRB’s free credit report must be as easy to find as the paid report CRB is required to give a basic explanation to the info it provides to individual on their credit report.


Can occur whether a CRB or CP is satisfied information is inconsistent, inaccurate out of date etc. Must make correction within 30 days or longer as agreed in writing by individual CRB’s or CP’s consulted by another CRB or CP about a correction requests must be responded to promptly (recommended 10 days).


Must be acknowledged within 7 days and investigated and where necessary consultation with CP’s or CRB’s may occur. A decision must be made in 30 days or longer as agreed by individual in writing.

Integrity of Credit Reporting Information

The other significant change is in the area of auditing Credit Providers. We believe this could bring about significant positive changes within the credit reporting system. Credit reporting agencies (CRB’s) will now have the task of providing reports to the public and also to the Privacy Commissioner (who will have final say on complaints and even new powers to penalise breaches) on complaints and corrections numbers.

CRB’s will need to publish information on the number of correction requests received, the number of corrections successful and the number of complaints by each CP. This is with the aim to maintain the integrity of credit reporting information, and to promote accountability through providing transparency in relation to corrections requests and complaints. It will tip the scales in what has often been a case of David and Goliath. Audits will we hope identify those companies who experience problems with credit reporting that could disadvantage consumers, and force some companies to undertake reasonable steps to rectify identified issues.

In Privacy Awareness Week tomorrow, we look at the area of Data Security and how that may impact your business…

image: digitalart/

Recommended Posts

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Start typing and press Enter to search