1 / 29

Credit Reporting Privacy Code 2004

Learn about the Credit Reporting Privacy Code 2004 in New Zealand, its origins, international context, changes, and main features. Understand the timeline, objectives, and comparisons with US and HK regulations.

droth
Download Presentation

Credit Reporting Privacy Code 2004

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Credit Reporting Privacy Code 2004 New Zealand Credit & Finance Institute luncheon Auckland, 21 February 2005 Presentation by Blair Stewart, Assistant Privacy Commissioner

  2. Outline Presentation will cover • Quick overview • Origins of code, international context • Changes to code following industry submissions • Some of code’s main features

  3. Quick overview • Code generally starts on 1 April 2006 • 2 clauses – affecting only credit reporters – start on 1 April 2005 (free access, internal complaints processes) So if you’re not a credit reporter, you can relax, you’ve got plenty of time in hand ….

  4. Origins of code, international context Timeline • 1991 Privacy of Information Bill, provision made for codes • 1993 Privacy Act • 1996 industry proposals, initial work, hiatus • 2000 work restarted, industry discussions etc • July 2003 proposed code publicly notified Cont’d…

  5. Timeline cont’d • December 2004 code issued

  6. International context • Specific credit reporting regulation is quite usual • Sometimes stand-alone with a consumer protection focus (e.g. USA), sometimes as part of a general privacy regime (e.g. Aust, HK) • Objectives include granting rights, controlling behaviour, standardising compliance practices but also legitimising credit reporting which may otherwise be difficult to reconcile with, say, privacy law, banking confidentiality, defamation law

  7. USA Example • Fair Credit Reporting Act 1974 • Updated by Fair and Accurate Credit Transactions Act 2003

  8. Hong Kong Example • Code of Practice on Consumer Credit Data (issued 1998, revised 2003) adopted under Personal Data (Privacy) Ordinance 1996

  9. Australian Example • Part 3A of Privacy Act 1988 (enacted 1990) supplemented by Credit Reporting Code of Conduct 1996 • Relevance: ANZCER, 2 main consumer credit reporters having trans-Tasman presence, similar Privacy Acts • A significant influence in development of code, observed benefits but also complexity and some rigidity

  10. Australia/US/HK Code draws on Australia, US and HK models: • generally similar to key Australian approaches (e.g. negative reporting) and some specifics (e.g. serious credit infringement) but with notable differences in particular areas (e.g. broader access) and less complex and prescriptive • US-style statement of consumer rights, disclosure statements on websites • HK audit requirements

  11. Changes to code following submissions • “notified code” – July 2003 …submission and consideration period… • “Issued code” – December 2004 Note: paper available outlining changes

  12. Changes continued • Scope (move away from direct applicability to credit providers) • Permitted classes of subscribers expanded (from credit providers only to include e.g. prospective landlords, prospective employers in some circumstances) • Commencement date • Dropping requirement to suppress during correction checks, substituting flagging requirement

  13. Some features of the code Notes: • bear in mind the code’s definitions and the definitions in the Privacy Act: e.g. “personal information”; s.7 savings • papers available on website Many of the code’s requirements focus upon: • Accuracy • Transparency • Control

  14. Features cont’d Free access from credit reporter (clause 7) • Starts 1 April 2005 • Reasonable charge can be made where expedited access is requested (within 5 working days) • Modeled upon Australian law Removes barrier to access, can promote routine checking for accuracy before problems arise (subject as “first auditor”)

  15. Features cont’d Internal complaints processes (clause 8) • Credit reporters required, from 1 April 2005, to have internal complaints processes that meet certain standards • enhance dispute resolution practices, low level, quick • Any complaints escalated to external process (OPC) should at outset have issues identified, investigated and documented

  16. Features cont’d • All other aspects of code commence a year later on 1 April 2006 1 April 2006

  17. A selection of features of note • Title change reflects narrower application • Review after 1 April 2008 • “subscriber”: limited types, subscriber agreement, obligations • Summary of rights: modeled after FCRA and FTC approach

  18. A selection of features of note cont’d Limited information to be reported • Largely the Australian (+existing NZ) “negative reporting” model • I.e. ID + public record +adverse information • However, also allows some non-negative data e.g. previous enquiries, amount of credit sought

  19. A selection of features of note cont’d • Controlled access • Most access needs a subscriber agreement and authorisation of the subject

  20. A selection of features of note cont’d Disclosure without subscriber agreement or individual authorisation: • To individual concerned • Statutory demands (s.7)

  21. A selection of features of note cont’d Access with subscriber agreement but without specific individual authorisation: • Debt collection • Law enforcement, including tax • Suspected insurance fraud

  22. A selection of features of note cont’d Access with subscriber agreement and individual authorisation • Credit application • Prospective landlord*/prospective tenant • Prospective employer*/prospective employee for pre-employment check for position involving ‘significant financial risk’ • Prospective insurer* for underwriting credit transaction *defined terms

  23. A selection of features of note cont’d Access and correction rights (rules 6 and 7) • Free access • Details to be flagged as disputed while correction request being actioned

  24. A selection of features of note cont’d Audit requirements (rules 5 and 8, Schedule 3) • Credit reporter to implement a programme of compliance checks internally and with subscribers accessing database focusing upon: • Safeguarding against unauthorised access or misuse • accuracy of information • Will involve subscribers

  25. A selection of features of note cont’d Comparison controls • Standard imposed requiring measures to be taken to minimise mis-matching

  26. A selection of features of note cont’d Retention • A default list of retention periods that are deemed compliant: generally 5/7 years • Departure permitted but must be justified in event of complaint • Credit reporters to display retention periods on their website

  27. The future • OPC intends that the code bring benefits in relation to accuracy, transparency and compliance • Benefits can flow to subscribers as well as individuals • Intended to publish a version of code with some commentary later in year • Code is law, but much easier to change than statute, feedback welcomed and a formal review will follow

  28. Office of the Privacy Commissioner PO Box 466 Auckland Website: www.privacy.org.nz Enquiries: Auckland 302 8655 or 0800 803 909

More Related