Arca-developed credit reporting code approved by privacy commissioner
1 October 2024
Arca welcomes the announcement by the Office of the Australian Information Commissioner (OAIC) today that it has approved the updates to the Privacy (Credit Reporting) Code requested by Arca.
The updates provide for new rights for consumers, and will drive more consistent practices across the credit industry. Key updates approved by the OAIC include:
- Better responses for victims of fraud – there will be simpler processes for individuals correcting a fraudster’s attempt to take out credit in their name, and from October 2025 individuals with a protective ban on their credit file will be entitled to free notifications about attempts to access their information
- Expanding the circumstances in which information can be corrected – this includes where a default or missed payment happened due to reasons beyond a person’s control, like natural disasters, bank errors and domestic abuse
- Updated definitions of key terms – which will reduce scope for accounts to be incorrectly held “open”, damaging an individual’s credit report
- New publications on the design of audit programs – which will provide more transparency and visibility of how credit reporting bodies ensure credit providers meet their obligations.
Richard McMahon, Arca’s General Manager – Government and Regulatory said the OAIC’s approval of the updated Credit Reporting code is a strong signal that the legal architecture for credit reporting works well.
“Arca has developed effective new requirements within the existing framework, and done so in a consultative way,” he said.
The Credit Reporting Code is an essential part of the legal framework for credit reporting, intended to provide additional detail on the laws in the Privacy Act. Arca develops the Credit Reporting Code, and consults on its contents, but the OAIC is the final decision-maker about the code.
“The provisions the OAIC has approved respond to the recommendations of the Credit Reporting Code’s last independent review,” McMahon continued.
“The updates provide consumers with more rights, promote consistent practices by credit providers and clarify the law for all parties. In short, they make credit reporting work better.
“Arca thanks the industry, consumer and other stakeholders who helped us to develop these updates, and thanks the OAIC for their time and effort approving the changes we have requested.”
The new Credit Reporting Code creates a simpler process for correcting multiple pieces of information – such as enquiries – that follow on from a fraud event.
“The new process requires all parties to think carefully about the evidence they ask for to consider this kind of correction request. The process is intended to reduce the need for individuals affected by fraud to re-tell their story,” McMahon added.
Additionally, from October 2025, individuals who have put a ban on their credit file will be entitled to receive notifications about attempts to access their information – for instance, if someone applies for credit in their name. The notifications will be on an opt-in basis, and free of charge.
“Free notifications will help individuals work out if a risk of fraud is turning into actual attempts to take out credit in their name. Credit reporting bodies will develop the systems needed to provide these notifications over the coming year.”
The updates expand correction rights in respect of information that exists due to reasons outside a consumer’s control, allowing for defaults and missed payments that have been rectified to be corrected in some cases.
“Where individuals are affected by circumstances outside their control – like a natural disaster or domestic abuse – they should talk to their credit providers about all of their options. This includes corrections, but there may be other support options available too.”
At the OAIC’s request, Arca removed proposed sections of the CR Code which would have created a ‘soft enquiries’ framework – allowing consumers more scope to shop around for credit without affecting their credit report. These provisions have been held off on account of the current Review of the Credit Reporting Framework, which concludes on 1 October.
“Arca continues to support a consistent, clear framework for soft enquiries,” concluded McMahon. “Once we have considered the findings of the Review, we will work with the Government to create a soft enquiries framework as soon as possible.”