MyCRA Specialist Credit Repair Lawyers

Tag: privacy law reform

  • Privacy Law Reform To-Do List: Privacy Awareness Week 2013

    privacy law reform to do listIn our last post for Privacy Awareness Week 2013, we set out some actions you can take now for your family to get you up to speed and ready for important changes to the Privacy Act 1988 (Cth) which will impact you. We include the specific things you can to do to support your ability to obtain credit and have your credit file looking its best when changes come into effect on March 2014.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    PrivacyWeek-Banners-R1 - 2013-3

    What can you do to support your credit file and ensure you look your best to Credit Providers? It will be essential from now and going forward to be mindful of what may constitute bad credit. Although as a consumer you are not privy to your credit ‘rating’ score, a Credit Provider will be provided with a number based on your credit habits – and this will be used to help calculate your credit worthiness. Whilst it is not disclosed by credit reporting agencies the specific items which lower your score and how much by, traditionally there are some things you can do to which will help keep your credit-worthiness in check. We look at good credit habits, and what things you need to do when our Privacy Laws change in March 2014:

    1. Pay on time, every time.

    Your repayment history information is being collected now. It is imperative you make repayments on accounts by their due date to avoid having late payment notations recorded on your credit file and shown after the March 2014 implementation.

    If you can’t pay on time, seek alternative arrangements with your lender – but be advised these new arrangements will be recorded on your credit file. This would always be preferable to a default listing though – especially if you can show good repayment history at those new terms – so there is a new incentive to get in and work it out with your lender prior to letting your accounts go into arrears and copping a default listing.

    2. Check your credit file regularly.

    Make a habit of checking your credit file regularly. You can do this for free annually through the Australia’s credit reporting agencies. There will be five new data sets of information available to Credit Providers who request a copy of your credit report. These will be:

    – repayment history information;

    – the date on which a credit account was opened;

    – the date on which a credit account was closed;

    – the type of credit account opened; – and the current limit of each open credit account.

    It is essential that you take responsibility for the accuracy of your credit file information and even more so when the above new sets of information becomes available to Credit Providers.

    3. Correct credit information which you believe is inaccurate, inconsistent or unfair.

    If there is anything on your credit report which you believe rings untrue, or shouldn’t be there, you have the right to request this information be rectified. You will need to contact your Credit Provider to alter this information. You should do this before the information has any bearing on a credit application you may make in the future. You may contact a credit repair company to assist you with this if the change is a significant one, or if you expect resistance to the request. After March 2014, if your Credit Provider disagrees with your request to correct your credit information, you can have your dispute noted on your credit file and this would be worthwhile requesting if you believe your listing shouldn’t be there.

    4. Take precautions when applying for credit.

    You may not realise, but the volume of credit you apply for and the type of credit you apply for can hinder any future credit application you may make. Whilst it is a great idea to research credit before applying – you should only ever make a credit application you have full intention of pursuing. Too many credit applications will mean you are refused credit. And from March 2014 this will be clearly displayed on your credit report. Likewise, if you apply for too many ‘high interest’ or ‘bad credit’ loans – you could be penalised with a lender if you apply for a mortgage – especially with a credit ‘scoring’ method which may shave points off your score through this type of credit application.

    5. Seek cautions credit limits.

    You may have a credit limit of $10,000 – but only have used a quarter of that. This may not be to your advantage. If you’re not using it, don’t have it is the general adage. If you take out a credit card or other line of credit, it’s probably not wise to opt for a lofty limit. You could try to get it closer to what you intend to use. A Credit Provider will only see the credit limit and not the actual amount you have utilised on that limit. As with credit applications, any credit ‘score’ may be reduced by credit limits which are too high.

    6. Make information security paramount.

    Understand how lucrative your personal information can be in the wrong hands, and take steps to keep abreast of how it can be at risk from things like identity theft. Identity theft can lead to the stealing of credit through the fraudsters accessing your credit file. Victims can end up with defaults on their credit file and a ban on obtaining credit for 5 years. The Office of the Information Commissioner (OAIC)’s factsheet Ten Steps To Protect Your Personal Information gives you some guidance on how to do that. New laws will allow you to place a ban period on your credit information if you believe you may be at risk of identity theft, which can prevent fraudsters from accessing credit in your name – so if you do feel you may be at risk – acting quickly may save your credit file from misuse.

    Image 1: Rawich/ www.FreeDigitalPhotos.net

    Banner: Courtesy of OAIC

     

     

  • Privacy Law reform – protecting your personal information and your credit file: Privacy Awareness Week 2013

    Identity theftIdentity theft is an ever-growing threat to Australians and the commodity which is traded, sought after and misused for criminal or financial gain by fraudsters is your personal information. In amendments to the Privacy Act 1988 (Cth) which occurred late last year and which will be implemented in March 2014, there will be some improvements in Privacy Law to do with requirements on organisations to keep your personal information safe. As identity theft can also go so far as to impact on your credit file, there are also improvements suggested within the Draft Credit Reporting Code of Conduct, aimed at protecting you and your credit file against identity theft. We look at these changes and the impact they may have on you.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au

    PrivacyWeek-Banners-R1 - 2013-3

    Personal Information in the Australian Privacy Principles

    We look at the differences in the areas of requirements by organisations in regards to personal information collection and security of personal information, as provided by the OAIC, which are set out in new Australian Privacy Principles, set to replace the current National Privacy Principles.

    Security of Personal Information

    APP 11 requires an organisation to take reasonable steps to protect the personal information it holds from interference, in addition to misuse and loss, and unauthorised access, modification and disclosure (as required by NPP 4.1).

    APP 11.1 imposes the same obligation as [fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][current] NPP 4 in relation to the protection of the personal information that an organisation holds. However, APP 11.1 now also requires organisations to protect personal information from interference.

    APP 11.2 introduces new exceptions to the requirement that an organisation take reasonable steps to destroy or de-identify personal information, once it is no longer needed for any purpose for which it may be used or disclosed in accordance with the APPs: – if it is not contained in a Commonwealth record (APP 11.2(c))[6], and – if the organisation is not required by or under an Australian law, or a court/tribunal order, to retain the information (APP 11.2(d)).[7]

    Sensitive information

    Summary of [current] NPP 10 An organisation must not collect an individual’s sensitive information unless a listed exception applies (NPP 10.1). Sensitive information is defined in s 6.

    NPP 10.2 and 10.3 set out specific exceptions regarding the collection of health information.

    Relevant APPs

    APP 3 – collection of solicited personal information

    Key differences

    APP 3 clarifies that an organisation must only collect sensitive information about an individual if the individual consents to the collection and the information is reasonably necessary for the organisation’s functions or activities, or an exception applies (APP 3.3).

    The definition of sensitive information in s 6 has been extended to include: -biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.[14]

    Sensitive information may also be collected about an individual: -if required or authorised by or under an Australian law or a court/tribunal order (APP 3.4(a))[15] when a permitted general situation or permitted health situation applies (APP 3.4(b)-(c), s 16A).

    Permitted general situations include the collection of sensitive information where: -the entity reasonably believes that the collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety, and it is unreasonable or impracticable to obtain the individual’s consent to the collection (APP 3.4(b), permitted general situation 1 (s 16A item 1)).

    This exception reflects the wording of NPP 10.1(c), but removes the requirement that the threat must be imminent. This exception also replaces the specific circumstances set out in NPP 10.1(c) in which an individual may be unable to consent, with the more general ‘unreasonable or impracticable’.

    -the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in, and the entity reasonably believes that the collection is necessary for the entity to take appropriate action in relation to the matter (APP 3.4(b), permitted general situation 2 (s 16A item 2)).

    This is a new exception in relation to the collection of sensitive information.

    the entity reasonably believes that the collection is reasonably necessary to assist any APP entity, body or person to locate a person who has been reported as missing (APP 3.4(b), permitted general situation 3 (s 16A item 3)).

    This is a new provision in relation to the collection of sensitive information.

    The permitted health situations replicate the wording of NPP 10.2 and NPP 10.3, in relation to the collection of health information for the provision of a health service and for research.

    APP 3.4(e) relates to non-profit organisations and replaces NPP 10.1(d). APP 3.4(e) permits the collection of an individual’s sensitive information by non-profit organisations where the information:

    relates to the activities of the organisation, and relates solely to the members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities.

    The definition of ‘non-profit organisation’ is now included in s 6.[16] It states that a ‘non-profit organisation’ means an organisation that is a non-profit organisation, and engages in activities for cultural, recreational, political, religious, philosophical, professional, trade or trade union purposes. This definition replaces the terms ‘racial’ and ‘ethnic’ in the NPP 10.5 definition with the term ‘cultural’. In addition, it also includes in the definition organisations with a ‘recreational’ purpose.

    Identity theft and credit file protection

    The proposed new Credit Reporting Code of Conduct – currently in draft stage, has some significant new protections for victims of fraud.

    The draft code sets out the opportunity for individuals who believe they may be likely to be or have been a victim of fraud, to request a ban be placed on the use or disclosure of their credit reporting information without the individual’s consent. This is intended to combat identity theft which involves the stealing of credit through impersonating the victim and taking credit out in their name.

    Where a Credit Reporting Bureau (CRB) receives a request from a Credit Provider (CP) for credit reporting information about an individual in relation to whose credit reporting information a ban period is in effect, the CRB must inform the CP of the ban period and its effect.

    The Code also intends to give a CRB powers in these cases to seek information relevant to the individual’s fraud allegations from a CP who may have also been affected by the alleged fraud in order to both determine whether the individual has been a victim of fraud, and to decide the length of the ban period.

    Enhanced powers for the Privacy Commissioner

    Whilst we are yet to have mandatory data breach notification laws, which would require individuals to be notified by an entity which holds their information of a data breach (currently it is just encouraged that this occurs), there are some areas where the Privacy Commissioner’s powers will be strengthened.

    The Privacy Commissioner will have enhanced powers, in the areas of:

    • Ability to accept enforceable undertakings

    • Ability to seek civil penalties in the case of serious or repeated breaches of privacy

    • Ability to conduct assessments of privacy performance for both Australian government agencies and businesses.

    On 28 December 2012, section 4AA of the Crimes Act 1914 was amended to increase the amount of a penalty unit from $110 to $170.

    This means that, under the reforms to the Privacy Act due to commence on 12 March 2014, the maximum penalty amount for a serious or repeated interference with the privacy of an individual will be $340,000 for individuals and $1.7 million for entities.

    Identity theft test.

    As part of Privacy Awareness Week, you can take an online identity theft test, via the OAIC website to see how vulnerable you may be to identity theft. It examines 11 ways you could become a victim of identity theft and offers advice on ways to reduce your risk.

    Image: Salvatore Vuono/ www.FreeDigitalPhotos.net[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • Information Security – Is Your Business Ready for Privacy Law Reform? Privacy Awareness Week 2013

    Do you have a plan to walk your business through privacy law reforms? The Office of the Information Commissioner (OAIC) recommends businesses and government agencies who have obligations under the Privacy Act 1988 (Cth) should start planning now for the implementation of privacy law reform in March 2014. We provide you with guidance and links to the many significant aspects governing new obligations and responsibilities as a business which handles the personal information of individuals to assist you with the changes coming your way next year.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    PrivacyWeek-Banners-R1 - 2013-3

    Currently, businesses covered by the Privacy Act are subject to the 10 National Privacy Principles (NPPs), while most Australian, ACT and Norfolk Island government agencies must comply with 11 Information Privacy Principles (IPPs). Under the new privacy law the IPPs and NPPs will be replaced by the new, unified, Australian Privacy Principles (APPs). This is just one of the many significant changes to the Privacy Act.

    The OAIC has outlined some questions you can ask yourself to see what your requirements may be within the new privacy laws:

    • Does your business or agency handle personal information? There are some changes to what constitutes personal information under the Privacy Act

    • Do you need to review your business or agency’s privacy policy? You should have an up-to-date policy that is reviewed regularly. The new laws set out some requirements for privacy policies

    • Do you need to review your business or agency’s outsourcing arrangements? You will need to do this particularly if you are sending personal information overseas.

    • Do you use direct marketing to reach your customers? If you do, you will need to provide an easy way for people to opt-out of receiving these communications. There are some new rules in the area of direct marketing.

    • Does your business or agency receive unsolicited personal information. There are some new rules on how to handle this information.  

    • Do your information security systems need to be reviewed and updated?

    We recommend you download the OAIC’s Guide to Information Security (PDF) – an essential document for any business or agency which establishes a requirement to protect the personal information of individuals.

    If you are directly handling personal information, see also below the OAIC’S privacy factsheet 7 on ‘Ten Steps to protect other people’s personal information’ below:

    Ten steps to protect other people’s personal information.

    The aim of this 10 step guide is to help your organisation or agency protect other people’s personal information.

    Personal information is defined in s 6 of the Privacy Act 1988 (Cth) (Privacy Act) and means information that identifies or could reasonably identify an individual. There are some obvious examples of personal information, such as a person’s name and address. Personal information can also include medical records, bank account details, photos, videos, and even information about what an individual likes, their opinions and where they work.

    The 10 step guide gives a snapshot of some of the privacy rights for individuals, and obligations that organisations and Australian, ACT and Norfolk Island Government agencies have under the Privacy Act.

    The OAIC website has more information for organisations and agencies. You can also call our Enquiries Line on 1300 363 992.

    1. Only collect information you need

    Make sure individuals know what personal information your organisation or agency collects and why. Also ensure that: each piece of information is necessary for any of the functions or activities of the organisation or agency, and the information is required in the circumstances. Sometimes, activities can be carried out without collecting personal information. This allows individuals to interact anonymously with your organisation or agency.

    2. Don’t collect personal information about an individual just because you think that information may come in handy later.

    Only collect information that is necessary at the time of collection, not because it may become necessary or useful at a later date. If you need it later, collect the information then.

    3. Tell people how you are going to handle the personal information you collect about them.

    Have a publicly available policy that tells people how you handle personal information. Also, when you collect personal information, always let people know why you need to collect the information, how you plan to use it, who you are going to give it to. Make sure they know your contact details and, if they want to, how they can get access to their personal information.

    4. Think about using personal information for a particular purpose.

    Generally, organisations should not use personal information for a secondary purpose unrelated to the main purpose for which they collected the information. Unless your organisation has consent from the individual concerned or authorisation under law, it should generally only use personal information if it is: related to the purpose your organisation collected it for, and within the reasonable expectations of the individual.

    Similarly, agencies must: only use personal information for a relevant purpose, and take reasonable steps to ensure that personal information is accurate, up to date and complete before using it.

    The OAIC website has more information on the obligations organisations and agencies have under the Privacy Act.

    5. Think before disclosing personal information

    The Privacy Act allows organisations and agencies to disclose personal information in some circumstances. Sometimes, organisations and agencies disclose personal information when they don’t need to, or without considering whether the disclosure is authorised under the Privacy Act. Always think about whether a purpose can be achieved without disclosing personal information. Good practice: Get consent from the individual if you want to disclose their personal information for a reason that is different from the reason you collected it.

    6. If people ask, give them access to the personal information you hold about them

    Organisations and agencies have a general duty to give individuals access to their personal information. Here are some things to consider: Be as open as possible by giving individuals access to their personal information in the form they request. If you deny access to personal information, give the reason — consistent with the Privacy Act — to the individual as soon as you can. An individual also has an alternative path when seeking information from an agency. If an individual seeks access under the Freedom of Information Act 1982 ((Cth)) (FOI Act), the agency is obliged to consider the request under the FOI Act rather than the Privacy Act. Access under the FOI Act may be subject to specific exemptions. This alternative applies only to agencies, not organisations. The OAIC website has more information for agencies regarding the FOI Act.

    7. Keep personal information secure

    It is important that you keep personal information safe and secure from unauthorised access, modification or disclosure and also against misuse and loss. How you do this depends on the sensitivity of the information you hold, and the circumstances of your organisation or agency. Methods could include: considering the adequacy of existing security measures and procedures, including whether any relevant standards are met training staff in privacy procedures ensuring adequate IT security, such as installing firewalls, cookie removers and anti-virus scanners on work IT systems checking that all personal information has been removed from electronic devices before you sell or destroy them keeping hard copy files in properly secured cabinets allowing staff to access personal information on a ‘need to know’ basis only regularly monitoring your information handling practices to ensure they are secure. Depending on the size of your organisation and the information it collects, it may be prudent to have an external privacy audit done.

    8. Don’t keep information you no longer need or that you no longer have to retain

    If you no longer need personal information and there is no law that says you have to retain the information, then destroy it. Shred, pulp or destroy the personal information paper records. Dispose of files in security bins. Delete electronic records or files securely so that they can’t be retrieved.

    9. Keep personal information accurate and up to date

    The accuracy and currency of personal information you hold can change. Your organisation or agency needs to take reasonable steps to keep the personal information it holds current. Amend your records to reflect changes and make sure both hard copy and electronic files are updated. If you know that some personal information is likely to change regularly, go through the files periodically to ensure that your records are accurate and up to date.

    10. Consider making someone in your organisation or agency responsible for privacy

    This could be a designated person (often called a Privacy Contact Officer or Chief Privacy Officer) who: knows your organisation or agency’s responsibilities under the Privacy Act, and is willing and able to handle complaints and enquiries about the personal information handling practices of your organisation or agency. This person could also be responsible for implementing a complaint handling process, staff training programs and promoting Privacy Act compliance.

    Don’t leave privacy to chance.

    In tomorrow’s Privacy Awareness Week 2013 post – we look at the Privacy Reforms aimed at protecting individuals, and their credit file from identity theft.

  • New laws to aid in correcting your credit report: Privacy Awareness Week 2013

    correcting credit reportsThere are a number of significant changes which will impact the correction of credit reports coming through once Privacy Act 1988 (Cth) amendments are implemented in March 2014. As part of Privacy Awareness Week 2013 and this week’s theme Privacy Law Reform, we thought it would be fitting as credit repairers to stipulate those changes that may benefit consumers in the area of disputing unfair or inconsistent credit listings. There is a whole host of new information available to Credit Providers, and with this there will be an increased obligation for Credit Providers to provide accurate, up-to-date and fair information. When correcting their credit report, obviously each consumer will need to draw on different aspects of Privacy Legislation when making their case to dispute their credit listing, and this is why full knowledge of all available privacy legislation both current and new is the key to disputing credit listings. But we look at the new Australian Privacy Principles, and how they are currently interpreted in the draft Credit Reporting Code  of Conduct when it comes to access and correction of credit information.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    PrivacyWeek-Banners-R1 - 2013-3

    Australian Privacy Principles

    The National Privacy Principles (NPP) has up till now been the legislation which underpins the access and correction of Australian credit reports. Come March 2014, this legislation will become the Australian Privacy Principles (APP). There have been some long awaited changes in the area of access and correction. Currently, NPP 6 covers both access and correction, and this will be split into two separate principles APP’s 12 (access) and 13 (correction) come March 2014.

    Access

    Access involves the request for individuals to access information a company holds about them, and it is an important part of Privacy legislation for credit repair. Having full access to your personal information allows you, for instance, to be privy to all the information a Credit Provider may hold about you and your account, including their client notes and their copies of documentation. To have this information is essential in order to go through and make your case for disputing a credit listing which you believe is inconsistent.

    APP 12.4 introduces a new requirement for organisations to respond to a request for access within a reasonable period, and in the manner requested by the individual, if it is reasonable and practicable to do so. This will be of great benefit to consumers, as it stipulates the requirement for timeliness when requesting information from Credit Providers. Many of our clients, and indeed individuals have experienced a significant delay in receiving, if not outright refusal to provide such information. To have a Credit Provider not provide this information can stop a case for dispute in its tracks.

    Correction

    Currently, if an individual is able to establish that their personal information is not accurate, complete and up-to-date, an organisation must take reasonable steps to correct the information (NPP 6.5). If the organisation and the individual disagree about the accuracy, completeness and currency of the information, the organisation must attach a statement to the information noting this, if the individual requests it to do so (NPP 6.6).

    Up till now, it has in many cases been difficult for individuals to establish that information is inaccurate, particularly when the Credit Provider disagrees with this claim. It has been up to the individual (or credit repairer) to go about proving the information is inconsistent.  Many individuals have no skill set for establishing proof of inaccuracy, as it requires extensive knowledge of legislation, as well the legal knowledge to negotiate with a very experienced Credit Provider.

    The Privacy Commissioner explains the finer points of new legislation to help consumers with correction in its reference material on the new Australian Privacy Principles (PDF):

    APP 13 amends the requirement in NPP 6.5 for an individual to establish that their personal information is not accurate, complete and up-to-date.

    Instead, if:

    an organisation is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete or irrelevant or misleading, or

    the individual to whom the personal information relates requests the organisation to correct the information

    the organisation must take reasonable steps to correct the personal information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading.

    If an organisation corrects personal information about an individual that it has previously disclosed to another APP entity, the organisation must take reasonable steps to notify the other APP entity of the correction, where that notification is requested by the individual (APP 13.2).

    APP 13.3 requires an organisation to provide an individual with written notice if it refuses to correct the personal information as requested by the individual. The written notice must set out:

    the reason for refusal (unless this would be unreasonable)

    the mechanisms available to complain about the refusal, and

    any other matter prescribed by regulation.

    If an organisation refuses to make a correction, and an individual requests that a statement be attached to the record stating that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, the organisation generally needs to attach this statement in a way that will make the statement apparent to users of the information (APP 13.4).

    APP 13.5 introduces a new requirement for an organisation to respond to a correction request within a reasonable period. The organisation must not charge the individual for making the request, for correcting the information or for associating the statement with the personal information (APP 13.5).

    So in lay-man’s terms, it will be up to the Credit Provider, if it refuses to correct the personal information requested by an individual, to provide reasons as to why it has refused to correct the credit report, and to provide direction to the consumer about how to complain if necessary. On top of this, if the Credit Provider refuses to correct a credit report, individuals may be able to request that a statement be attached to their record showing that the information is considered by them to be inconsistent.

    Credit Reporting Code of Conduct

    Interpretation of APP’s will be set out in a new Credit Reporting Code of Conduct. Currently this document is in draft stage. There are many significant points for correcting credit reports right through this document, but in the particular area of access, correction and complaint we have these changes:

    Access

    Access to information will be

    -free every 12 months

    -free if it relates to a CP’s decision to refuse credit The CRB’s free credit report must be as easy to find as the paid report CRB is required to give a basic explanation to the info it provides to individual on their credit report.

    Correction

    Can occur whether a CRB or CP is satisfied information is inconsistent, inaccurate out of date etc. Must make correction within 30 days or longer as agreed in writing by individual CRB’s or CP’s consulted by another CRB or CP about a correction requests must be responded to promptly (recommended 10 days).

    Complaint

    Must be acknowledged within 7 days and investigated and where necessary consultation with CP’s or CRB’s may occur. A decision must be made in 30 days or longer as agreed by individual in writing.

    Integrity of Credit Reporting Information

    The other significant change is in the area of auditing Credit Providers. We believe this could bring about significant positive changes within the credit reporting system. Credit reporting agencies (CRB’s) will now have the task of providing reports to the public and also to the Privacy Commissioner (who will have final say on complaints and even new powers to penalise breaches) on complaints and corrections numbers.

    CRB’s will need to publish information on the number of correction requests received, the number of corrections successful and the number of complaints by each CP. This is with the aim to maintain the integrity of credit reporting information, and to promote accountability through providing transparency in relation to corrections requests and complaints. It will tip the scales in what has often been a case of David and Goliath. Audits will we hope identify those companies who experience problems with credit reporting that could disadvantage consumers, and force some companies to undertake reasonable steps to rectify identified issues.

    In Privacy Awareness Week tomorrow, we look at the area of Data Security and how that may impact your business…

    image: digitalart/ www.FreeDigitalPhotos.net

  • Your credit check is soon to reveal all your bad habits: Privacy Awareness Week 2013.

    repayment history informationPress Release

    Your credit check is soon to reveal all your bad habits: Privacy Awareness Week 2013.

    29 April 2013

    Australians are urged to be more diligent with paying all of their bills on time, every time or face a black mark against their name as part of privacy law reforms on their way in March 2014 – and a consumer advocate for accurate credit reporting warns consumers that late payment information is being collected now.

    CEO of MyCRA Credit Rating Repair, Graham Doessel says it is important for all credit active individuals to rethink their repayment habits, or potentially face a series of late payment notations which could mean they are banned from credit in the future.

    “The time to change is now. Ensure that every bill is being paid on time – not two days late, or a week late – as come March next year – our history of paying bills late from December 2012 onward will show up when we apply for credit,” Mr Doessel warns.

    His warning comes as part of Australia’s Privacy Awareness Week 2013 which is run from 29 April to 4 May, aimed at educating individuals and businesses on matters of privacy. 2013’s theme is Privacy Law Reform – a campaign to educate Australians about changes to the Privacy Act (1988) passed on November 29 2012, which will be implemented on March 12, 2014.

    Repayment history information (RHI) is part of five new data sets which will appear on Australian credit reports, from March next year – meant to afford a more accurate picture of someone’s suitability to service a loan.

    The other four data sets are: the date on which a credit account was opened; the date on which a credit account was closed; the type of credit account opened; and the current limit of each open credit account.

    “I think late payments will be looked on pretty unfavourably when this information becomes available to lenders, along with other factors such as applying for too much credit; applying for credit too often; or applying for the ‘wrong’ type of credit,” Mr Doessel says.

    He says it is not known how much weight repayment history will be afforded on its own, but predicts lenders will be reluctant to lend to someone who presents with too many late payments – even if there are no defaults present.

    “If lenders are deciding between an application which has no late payments and one with a few scattered here and there, they’d probably choose the clear one,” he says.

    Mr Doessel says when the legislation was passed in late November, many – including himself were up in arms that RHI could be included after an account was one day late.

    “This didn’t allow for any wiggle room, and put those using systems like direct debits and BPay at risk if payments didn’t go through right on time,” he says.

    But a draft Credit Reporting Code of Conduct which will underpin the changes to the Privacy Act now allows for a 5 day grace period before RHI is recorded.

    “I am thankful that those drafting the CR Code have taken these concerns into consideration and adopted the 5 day rule for individuals – making it fairer for all,” he says.

    Mr Doessel says come March 2014, it will be more important than ever for individuals to be vigilant with checking their credit file.

    “With all the new information about people available to lenders, it is pretty crucial that it reads accurately. You can check your credit file at no charge annually by applying with Australia’s credit reporting agencies,” he says.

    Go to http://bit.ly/My-Free-Credit-File for more help to obtain your credit report.

    “Thankfully, if there are issues of inaccuracy on credit reports from March – there will be more support within the Privacy Act amendments to allow for ease of correction,” Mr Doessel says.

    PrivacyWeek-Banners-R1 - 2013-3

    /ENDS.

    Please contact:

    Graham Doessel – CEO Ph 3124 7133

    Lisa Brewster – Media Relations media@mycra.com.au

    Ph 07 3124 7133 www.mycra.com.au www.mycra.com.au/blog

    MyCRA Credit Repair 246 Stafford Rd, STAFFORD Qld

    MyCRA is Australia’s number one in credit rating repairs. We permanently remove defaults from credit files. CEO of MyCRA Graham Doessel is a frequent consumer spokesperson for credit reporting issues and is a founding member of the Credit Repair Industry Association of Australasia.

    Top image: FrameAngel/ www.FreeDigitalPhotos.net

  • Privacy Awareness Week 2013 Privacy Law Reform

    Privacy Law Reform29 April to 4 May 2013 is Privacy Awareness Week 2013 across Australia. MyCRA Credit Rating Repair are once again proud partners of PAW, and 2013’s theme “Privacy Law Reform” is especially relevant to us as credit repairers and consumer advocates for accurate credit reporting. We are taking this week to discuss the huge changes coming our way since Australia’s Privacy Act (1988) was amended in late November 2012. We look at how individuals and businesses will be impacted by new Privacy Laws, particularly in our area of focus – credit reporting and credit law, looking towards the implementation of those laws on March 12, 2014.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    PrivacyWeek-Banners-R1 - 2013-3

    What is Privacy Awareness Week?

    Privacy Awareness Week (PAW) is an initiative of the Asia Pacific Privacy Authorities forum (APPA) held every year to promote awareness of privacy issues and the importance of the protection of personal information. Activities are held across the Asia Pacific region by APPA members.

    Why is MyCRA involved?

    Credit reporting is governed by the Privacy Act (1988) – so privacy issues are regulated and protected by this legislation. Credit repairers must be fluent in Privacy legislation in order to help consumers with their credit disputes.

    2013’s theme – Privacy Law Reform is a pertinent one for consumers.  MyCRA believes that every consumer should be educated on the changes coming in for them, and they affect every credit-active individual. We want to raise awareness of how an individual’s ability to obtain credit may be impacted (for better or worse) by these laws. We also want to demonstrate the changes that are coming in the way credit reporting information is handled, and how that will also impact the individual.

    What will change?

    The new laws will bring about changes in three main areas. (Courtesy of OAIC).

    The introduction of a unified set of Australian Privacy Principles (APPs). These principles will be introduced to replace the current National Privacy Principles for those private sector organisations covered by the Privacy Act and the Information Privacy Principles for Australian government agencies. There are a number of important changes with the introduction of the APPs, including in the areas of direct marketing, overseas disclosure of personal information and the handling of unsolicited information.

    The introduction of comprehensive credit reporting. These changes are designed to provide consumer credit providers with sufficient information to adequately assess credit risk while ensuring the protection of personal information, and to support responsible lending. The system will be underpinned by a new industry-agreed Credit Reporting Code of Conduct approved by the Commissioner.

    Enhanced powers for the Commissioner. These powers include enhanced powers to resolve investigations and promote privacy compliance with access to new remedy powers including enforceable undertakings and civil penalties. Also, for the first time, the Commissioner will be able to conduct Performance Assessments of private sector organisations to determine whether they are handling personal information in accordance with the new APPs, credit reporting provisions and other rules and codes. The Commissioner will be able to conduct these assessments at any time — an added incentive for organisations to ensure they are handling personal information in accordance with the Privacy Act.

    Credit reporting and Privacy

    Some of the areas of credit reporting which will undergo significant change will be:

    • New data on Australian credit reports – including repayment history information
    • Quality, security, accuracy and integrity of credit reporting information as set out in APP’s.
    • Improved ability to dispute credit listings
    • Ability to secure a credit file against identity crime
    • Penalties for breach of Privacy Act
    • A new Credit Reporting Code of Conduct – currently at Draft stage.

     

    Stay tuned every day this week to find out more about how Australia’s credit reporting law changes may affect you, your credit file and your ability to obtain credit.

    Image: Salvatore Vuono/ www.FreeDigitalPhotos.net

  • Credit reporting law changes – a look at complaints handling

    Credit reporting is set to be overhauled. In our arena of helping consumers make complaints and dispute their credit reports – ease of credit listing dispute for consumers would be a positive move. We look at just what to expect from these new credit laws in terms of disputed credit listings. Will consumers be given a bigger voice to make credit listing complaints?

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    In a statement to the media on Wednesday, Attorney-General Nicola Roxon announced the next step in major legislative change to credit reporting. Amendments to the Privacy Act (1988) will be introduced during the Winter Sitting of Parliament.

    This finalises a long process of consultation following original recommendations made in a report by the Australian Law Reform Commission (ALRC) For your information: Australian Privacy Law and Practice back in August 2008.

    The ALRC report recommends 295 changes to improve Australia’s privacy framework, including major changes to credit reporting law.  The government then opted to respond to the Report in two stages, the first of which was released in October 2009. The first stage response outlines the government’s position on 197 recommendations relating to:

    • developing a single set of Privacy Principles
    • redrafting and updating the structure of the Privacy Act
    • addressing the impact of new technologies on privacy
    • strengthening and clarifying the Privacy Commissioner’s powers and functions
    • introducting comprehensive credit reporting and enhanced protections for credit reporting information
    • enhancing and clarifying the protections around the sharing of health information and the ability to use personal information to facilitate research in the public interest.

    Further information is available from www.ag.gov.au/Privacy/Pages/Privacy-Reforms.aspx.

    Draft legislation on this First Stage Response for the Credit Reporting provisions was put to the Senate for tabling, and for referral to the Finance and Public Administration Committee to consider.  The Committee’s final report on the credit reporting provisions was released in October 2011.

    On Wednesday the Attorney-General promoted changes to credit reporting arrangements as a ‘modernisation’.

    “There have been big changes to the way we access finance since 1990 when the existing credit reporting provisions came into effect,” Ms Roxon says.

    She says benefits for consumers include:

    • making a clear obligation on organisations to substantiate, or show their evidence to justify, disputed credit listings
    • making it easier for individuals to access and correct their credit reporting information
    • prohibiting the collection of credit reporting information about children
    • simplifying the complaints process by removing requirement to complain to the organisation first, complaints can be made directly to the Privacy Commissioner, and by introducing alternative dispute resolution to more efficiently deal with complaints.

    “Many consumers have expressed their frustration at not being able to understand their credit rating.

    “These changes will provide much more power to consumers to be able to access and, if necessary, correct their credit reports.”

    The Government expects the credit industry will benefit because the reforms provides a more accurate picture of an individual’s credit situation to help them make a robust assessment of credit risk, which is expected to lead to lower credit default rates.

    The role of the Privacy Commissioner will also be boosted so complaints and investigations can be more easily resolved.

    The Privacy Commissioner said in a speech on Exploring the Changing Privacy Landscape and Impending Regulations on Friday that he can see benefits for consumer credit ratings.

    “Turning now to the credit reporting arrangements, changes include a clearer obligation on organisations to substantiate, or show their evidence to justify, disputed credit listings.

    On the consumer side, there will easier access for individuals to correct credit reporting information,” Privacy Commissioner Timothy Pilgrim said.

    The clearer obligation for on organisations to substantiate or show evidence to justify disputed credit listings would be a positive change cementing requirements of creditors and hopefully easing some of the difficulty in having credit reporting information corrected.

    Currently the official procedure for making complaints to creditors about credit listings has been inadequate. The section on Complaints in the Government’s Exposure Draft introduced a clear process of complaint for the consumer and the obligations of creditors and or credit reporting agencies to follow when a consumer makes an official complaint including escalation of that complaint.

    But the actual process came under criticism from reports to the Senate Committee for its complexity and two-step process of correction request and official complaint – which could confuse consumers.

    The Office of the Australian Information Commissioner (OAIC), Consumer Action Law Centre and Consumer Credit Legal Centre NSW voiced concern that the two stop approach resulted in a complex complaints handling process.

    It was also criticised by some creditor bodies for sometimes crossing over existing law in their individual Acts.

    It is unclear what the outcome will be from the Senate and what will be certain to be included as new law in the Complaints arena.

    It is still likely that as consumers will need to address complaints as they relate to law, it could remain difficult for consumers who are not skilled in credit reporting law and don’t have the time to get educated on it to make a successful case to creditors in some instances. So whilst they may be provided with more justification from the creditor on why the listing should be there, the process could still put consumers in the position of needing to be savvy with credit reporting law to have muscle to dispute that justification.

    And whilst consumers may find the official process of complaint easier, there still may be issues around negotiating with creditors on their own behalf which could hinder their chances of successful dispute.

    For more information on how credit listing errors could affect your ability to obtain credit contact MyCRA Credit Rating Repairs 1300 667 218 or visit the main website www.mycra.com.au.

    Image: stockimages/FreeDigitalPhotos.net

  • Privacy Protection set to be heightened under Australian Law

    Big changes are coming for Australian privacy rights and laws governing the use of personal information. The Australian Government has announced it will make the first set of changes to the Privacy Act 1988 in the Winter sitting of Parliament. The announcement came yesterday from Attorney-General Nicola Roxon, who intentionally announced the changes to coincide with Australia’s Privacy Awareness Week.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    The Attorney-General said in her statement that Australia’s privacy laws will be reformed to better protect people’s personal information, simplify credit reporting arrangements and give new enforcement powers to the Privacy Commissioner.

    The Attorney explained that key changes to benefit consumers are:

    • clearer and tighter regulation of the use of personal information for direct marketing
    • extending privacy protections to unsolicited information
    • making it easier for consumers to access and correct information held about them
    • tightening the rules on sending personal information outside Australia
    • enhancing the powers of the Privacy Commissioner to improve the Commissioner’s ability to resolve complaints, conduct investigations and promote privacy compliance

    These changes are part of a long consultation process coming out of recommendations made within the Australian Law Reform Commission’s report For your information: Australian Privacy Law and Practice.

    The changes will include new powers for the Privacy Commissioner to enforce privacy laws. Commissioner Timothy Pilgrim said in a statement to the media these changes were a significant step forward and will allow him to better resolve privacy investigations more effectively.

    “The strengthening of these powers also sends a strong message to government agencies and businesses covered by the Act that there can be significant consequences when personal information is not given an appropriate level of protection.”

    “These changes give me more options when undertaking an investigation on my initiative. At the moment I can only make a determination when I am investigating a complaint made by an individual,” Mr Pilgrim said.

    The powers of the Privacy Commissioner to investigate Privacy complaints has previously come under criticism, particularly following the well-publicised global Sony Data Breach in April 2011 which seemed to showcase the gaping hole in Australian Privacy Law at the time. The data breach left the personal information of approximately 77 million Sony customers worldwide exposed to hackers and threatened the victims with possible identity theft and credit file misuse.

    Criticism was sparked by the Commissioner’s lack of powers to make determinations following any investigation, and also Australia’s absence of mandatory data breach notification law. It was well publicised that Sony took over a week to notify it’s customers of the data breach, in the process potentially exposing customers to identity theft and credit file fraud.

    A recent survey conducted by the University of Canberra and eBay Australia found that Australian internet users were highly concerned about identity theft and wanted government to order businesses to notify users of online data breaches.

    The survey, reported in CIO Magazine Call for mandatory data breach notification grows: Survey found 85 per cent of 700 Australian participants want data breach notifications to become mandatory. Here is an excerpt from that story:

    In addition, 86 per cent of respondents cited identity theft as their greatest privacy concern, while 83 per cent mentioned financial data loss as their biggest concern.

    The survey also found that the financial sector was the most trusted when it came to privacy (42 per cent).

    Social media was the least trusted industry on privacy with only 1 per cent of respondents saying they trusted websites such as Facebook. Sixty-one per cent of Australians surveyed nominated the social media industry as having the worst privacy practices.

    Privacy Commissioner, Timothy Pilgrim, said that the high level of support for mandatory data breach notifications is not surprising given significant data breaches over the past year such as the Sony PlayStation Network compromise.

    “Incidents are on the rise as weaknesses become apparent in business systems at the same time as hackers become more sophisticated,” he said in a statement.

    “I encourage businesses to look at our guide which not only outlines how to respond to a breach, but also how to avoid a breach in the first place by focusing on the security of their systems,” Pilgrim said.

    Other privacy law reform changes will include the introduction of a set of Australian Privacy Principles, and importantly, changes to credit reporting law.

    Some changes Attorney-General Nicola Roxon chose to highlight in her statement yesterday include:

    • making a clear obligation on organisations to substantiate, or show their evidence to justify, disputed credit listings
    • making it easier for individuals to access and correct their credit reporting information
    • prohibiting the collection of credit reporting information about children
    • simplifying the complaints process by removing requirement to complain to the organisation first, complaints can be made directly to the Privacy Commissioner, and by introducing alternative dispute resolution to more efficiently deal with complaints.

    We will be watching with intense interest at how the whole barrage of changes around credit reporting could possibly impact consumers and their credit files. The above four recommendations would be a great improvement as currently consumers can experience difficulty when disputing entries on their credit reports.

    MyCRA is proud to be a Partner for Privacy Awareness Week 2012.