Data quality obligations of credit reporting agencies
58.73 Much of the credit reporting information provided by credit reporting agencies to their subscribers is supplied to agencies by credit providers. Credit reporting can be described, to some extent, as operating on an ‘honour system’—in that credit reporting agencies do not have the capacity readily to check the accuracy of the information given to …
Publications
Read moreCredit reporting agencies
54.87 Under the Privacy Act, ‘a person is a credit reporting agency if the person is a corporation that carries on a credit reporting business’.[101] A ‘credit reporting business’ is defined as a business or undertaking … that involves the preparation or maintenance of records containing personal information relating to individuals (other than records in …
Publications
Read moreCommon law warnings
18.70 While it is beyond the scope of the present Inquiry to conduct a comprehensive analysis of common law warnings, submissions and consultations indicate that there are two aspects of the common law which are causing significant concern and warrant attention in the present Inquiry. The first relates to the Longman and Crofts warnings which …
Publications
Read moreThe movement towards a uniform evidence law
2.1 The law of evidence in Australia is a mixture of statute and common law together with rules of court.[1] As discussed in Chapter 1, although there were hopes when the Evidence Act 1995 (Cth) was passed that this would lead to uniform legislation throughout Australia, this has not yet occurred. Federal courts and courts …
Publications
Read moreOther agencies with law enforcement functions
Background37.73 With the exception of the ACC, the Integrity Commissioner and staff members of ACLEI, law enforcement agencies and other agencies with law enforcement functions are covered by the Privacy Act and therefore must comply with the IPPs. Section 6(1) of the Privacy Act relevantly provides that, with certain exceptions, an agency includes ‘a body …
Publications
Read moreRationale for the exemption of the intelligence and defence intelligence agencies
34.14 The Inspector-General of Intelligence and Security (IGIS), the main body charged with oversight of the intelligence and defence intelligence agencies, has stated that one of the reasons why the Australian intelligence agencies should be exempt, or partially exempt, from the provisions of the Privacy Act is that ‘it is necessary for the agencies to …
Publications
Read moreApplication of ‘Identifiers’ principle to agencies?
30.24 Currently, agencies are not subject to a provision regulating the adoption, use and disclosure of identifiers. In contrast, some state and territory legislation regulates the assignment, adoption, use and disclosure of identifiers by public sector bodies. Under this legislation, the assignment, adoption, use and disclosure of identifiers by public sector bodies is generally prohibited …
Publications
Read moreApplication of the ‘Data Quality’ principle to agencies
27.7 As is noted above, agencies presently are not subject to a discrete ‘Data Quality’ principle. In the Discussion Paper, Review of Australian Privacy Law (DP 72), the ALRC proposed that a single ‘Data Quality’ principle should apply to both agencies and organisations.[6]27.8 The proposal was supported almost unanimously by stakeholders.[7] The Public Interest Advocacy …
Publications
Read moreApplication of direct marketing principle to agencies
26.34 Before considering the content of the direct marketing principle, first it is necessary to consider what entities should be bound by the principle. Currently, organisations must comply with the direct marketing provisions in NPP 2.1(c) where direct marketing does not fall within one of the other limbs of the use and disclosure principle in …
Publications
Read more‘Required or authorised by or under law’
16.2 An act or practice ‘required or authorised by or under law’ is an exception (the ‘required or authorised exception’) to a number of the Information Privacy Principles (IPPs) and the National Privacy Principles (NPPs).[1] For example, IPP 11(1)(d) provides that a record-keeper may disclose personal information to a person, body or agency if the …
Publications
Read more