Privacy Act changes will affect you too

By on April 16, 2014

GRANT HACKELTON, Legal Practitioner Director and Ashley Dilges, Solicitor Manager of Jones King Lawyers provide an update on changes to credit reporting and privacy laws.

WE have recently seen the most significant changes to the credit reporting and privacy laws in Australia in the last twenty five years.

These changes can affect you both as a consumer as well as a business operator.


The Privacy Amendment (Enhancing Privacy Protection) Act 2012 made many significant changes to the Privacy Act 1988, and the new legislation introduces significant obligations for the protection of personal information held by Australian organisations. These changes commenced on 12 March, 2014.

In terms of the impact on you as a consumer, the changes to the privacy laws means additional credit information will now be included in your credit report. Your credit report is a document held by a credit reporting agency such as Veda or Dun & Bradstreet and summarises your consumer
credit history.

The report includes your full name, date of birth, driver’s licence, gender, residential addresses and employer information. The information is used by credit providers to help them assess your credit applications such as home loans, re-finance applications or personal loans.

Before the changes were made, credit providers used only key information to assess your credit worthiness. This information included your identity, your credit application history (such as any loans you had applied for) and any defaults you had (such as non-payment, Court proceedings, or judgments against you). the information was largely default or ‘negative’ based.

After the changes, credit providers can use additional information to assess you. This includes the date on which you opened an account or closed it, the type of account you opened, who the credit provider was or is, what the credit limit was or is and, importantly, the repayment history on the account. This means ‘positive’ information, such as the fact you always repay your credit card on time, can also be collected.

The additional information is designed to allow lenders to make more informed decisions by providing a broader picture of your credit profile based upon both positive and negative information.


A damaged credit report can have significant financial knock-on effects for many years, so it is important to ensure your report is kept up to date and is as positive as possible. This means ensuring you pay your mortgage, credit card, bills or personal loan on time.

By being proactive in this way and adopting good financial habits, your credit report will now reflect your positive efforts.

If you are a business owner, it’s important for you to know that the changes to the Privacy Act may impact your business as well.

There are heavy penalties for breaching the Act, up to a maximum of $1.7 million dollars against corporate entities in extreme cases, so it’s important to ensure that your business’ Privacy Policy complies with the changes to the law.

If your business has an annual turnover of $3 million or more, you are now legally required to have a clearly expressed and up to date privacy policy available to the public which complies with the Australian Privacy Principles (APP’s), and which details how your business deals with personal information held by it.

Personal information means information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can be reasonably ascertained. Personal information is generally provided by an individual to a business when an individual applies to a supplier for credit and includes such details as the customer’s name, address, date of birth, contact details, occupation, and information relevant to an individual’s financial position.

Your new privacy policy must detail the management and treatment of personal information that your business holds, including:

  • How and why you collect, use, disclose, store, secure and destroy personal information;
  • The circumstances in which you may collect personal information from other sources, including from a third party;
  • How an individual may access personal information and seek the correction of such information;
  • How an individual may complain about a breach of the APP’s; and
  • Whether your business is likely to disclose personal information to overseas recipients, and if so, to which recipients. your business must then take reasonable steps to ensure the overseas recipient does not breach the APP’s.

Jones King lawyers Pty Ltd an Associate Member of the CMPA can assist your business to create a privacy policy or amend an existing one to ensure its compliance with the APP’s.

Our contact details are:

Jones King lawyers Pty Ltd,

Level 7, 525 Flinders Street, Melbourne, phone 03 9628 2801, or melb.mail@jonesking.com.au or level 2, 28 Margaret Street, Sydney, phone 02 9220 0222 or syd.mail@jonesking.com.au


The information contained in this article is of a general nature only and is not intended to constitute legal advice. readers should not act on the basis of any matter contained in this article without first obtaining independent legal advice.

You must be logged in to post a comment Login

Sponsored Ads