290 likes | 301 Views
Learn about the Credit Reporting Privacy Code 2004 in New Zealand, its origins, international context, changes, and main features. Understand the timeline, objectives, and comparisons with US and HK regulations.
E N D
Credit Reporting Privacy Code 2004 New Zealand Credit & Finance Institute luncheon Auckland, 21 February 2005 Presentation by Blair Stewart, Assistant Privacy Commissioner
Outline Presentation will cover • Quick overview • Origins of code, international context • Changes to code following industry submissions • Some of code’s main features
Quick overview • Code generally starts on 1 April 2006 • 2 clauses – affecting only credit reporters – start on 1 April 2005 (free access, internal complaints processes) So if you’re not a credit reporter, you can relax, you’ve got plenty of time in hand ….
Origins of code, international context Timeline • 1991 Privacy of Information Bill, provision made for codes • 1993 Privacy Act • 1996 industry proposals, initial work, hiatus • 2000 work restarted, industry discussions etc • July 2003 proposed code publicly notified Cont’d…
Timeline cont’d • December 2004 code issued
International context • Specific credit reporting regulation is quite usual • Sometimes stand-alone with a consumer protection focus (e.g. USA), sometimes as part of a general privacy regime (e.g. Aust, HK) • Objectives include granting rights, controlling behaviour, standardising compliance practices but also legitimising credit reporting which may otherwise be difficult to reconcile with, say, privacy law, banking confidentiality, defamation law
USA Example • Fair Credit Reporting Act 1974 • Updated by Fair and Accurate Credit Transactions Act 2003
Hong Kong Example • Code of Practice on Consumer Credit Data (issued 1998, revised 2003) adopted under Personal Data (Privacy) Ordinance 1996
Australian Example • Part 3A of Privacy Act 1988 (enacted 1990) supplemented by Credit Reporting Code of Conduct 1996 • Relevance: ANZCER, 2 main consumer credit reporters having trans-Tasman presence, similar Privacy Acts • A significant influence in development of code, observed benefits but also complexity and some rigidity
Australia/US/HK Code draws on Australia, US and HK models: • generally similar to key Australian approaches (e.g. negative reporting) and some specifics (e.g. serious credit infringement) but with notable differences in particular areas (e.g. broader access) and less complex and prescriptive • US-style statement of consumer rights, disclosure statements on websites • HK audit requirements
Changes to code following submissions • “notified code” – July 2003 …submission and consideration period… • “Issued code” – December 2004 Note: paper available outlining changes
Changes continued • Scope (move away from direct applicability to credit providers) • Permitted classes of subscribers expanded (from credit providers only to include e.g. prospective landlords, prospective employers in some circumstances) • Commencement date • Dropping requirement to suppress during correction checks, substituting flagging requirement
Some features of the code Notes: • bear in mind the code’s definitions and the definitions in the Privacy Act: e.g. “personal information”; s.7 savings • papers available on website Many of the code’s requirements focus upon: • Accuracy • Transparency • Control
Features cont’d Free access from credit reporter (clause 7) • Starts 1 April 2005 • Reasonable charge can be made where expedited access is requested (within 5 working days) • Modeled upon Australian law Removes barrier to access, can promote routine checking for accuracy before problems arise (subject as “first auditor”)
Features cont’d Internal complaints processes (clause 8) • Credit reporters required, from 1 April 2005, to have internal complaints processes that meet certain standards • enhance dispute resolution practices, low level, quick • Any complaints escalated to external process (OPC) should at outset have issues identified, investigated and documented
Features cont’d • All other aspects of code commence a year later on 1 April 2006 1 April 2006
A selection of features of note • Title change reflects narrower application • Review after 1 April 2008 • “subscriber”: limited types, subscriber agreement, obligations • Summary of rights: modeled after FCRA and FTC approach
A selection of features of note cont’d Limited information to be reported • Largely the Australian (+existing NZ) “negative reporting” model • I.e. ID + public record +adverse information • However, also allows some non-negative data e.g. previous enquiries, amount of credit sought
A selection of features of note cont’d • Controlled access • Most access needs a subscriber agreement and authorisation of the subject
A selection of features of note cont’d Disclosure without subscriber agreement or individual authorisation: • To individual concerned • Statutory demands (s.7)
A selection of features of note cont’d Access with subscriber agreement but without specific individual authorisation: • Debt collection • Law enforcement, including tax • Suspected insurance fraud
A selection of features of note cont’d Access with subscriber agreement and individual authorisation • Credit application • Prospective landlord*/prospective tenant • Prospective employer*/prospective employee for pre-employment check for position involving ‘significant financial risk’ • Prospective insurer* for underwriting credit transaction *defined terms
A selection of features of note cont’d Access and correction rights (rules 6 and 7) • Free access • Details to be flagged as disputed while correction request being actioned
A selection of features of note cont’d Audit requirements (rules 5 and 8, Schedule 3) • Credit reporter to implement a programme of compliance checks internally and with subscribers accessing database focusing upon: • Safeguarding against unauthorised access or misuse • accuracy of information • Will involve subscribers
A selection of features of note cont’d Comparison controls • Standard imposed requiring measures to be taken to minimise mis-matching
A selection of features of note cont’d Retention • A default list of retention periods that are deemed compliant: generally 5/7 years • Departure permitted but must be justified in event of complaint • Credit reporters to display retention periods on their website
The future • OPC intends that the code bring benefits in relation to accuracy, transparency and compliance • Benefits can flow to subscribers as well as individuals • Intended to publish a version of code with some commentary later in year • Code is law, but much easier to change than statute, feedback welcomed and a formal review will follow
Office of the Privacy Commissioner PO Box 466 Auckland Website: www.privacy.org.nz Enquiries: Auckland 302 8655 or 0800 803 909