Do your views officially represent those of an organisation?
If yes, please specify the name of the organisation
Which of the following groups do you belong to?
If you would like to upload your submission as a document, please do so here.
Review of Australia’s Credit
Reporting Framework
Ms Heidi Richards, Independent Reviewer
18 June 2024
Telephone +61 2 6246 3788
Email mail@lawcouncil.au
PO Box 5350, Braddon ACT 2612
Level 1, MODE3, 24 Lonsdale Street,
Braddon ACT 2612
Law Council of Australia Limited ABN 85 005 260 622 www.lawcouncil.au
Table of contents
About the Law Council of Australia ............................................................................... 3
Acknowledgements ........................................................................................................ 4
Introduction ..................................................................................................................... 5
Discussion questions ..................................................................................................... 5
Part One: The what and why of credit reporting ............................................................. 5
Part Two: Strategic, historical and international context ................................................. 6
Part Three: Australia’s credit reporting framework ......................................................... 6
Commercial credit information ................................................................................... 7
Part Four: Impact of the credit reporting framework ......................................................10
Part Five: Credit data ................................................................................................... 11
Commercial information ............................................................................................12
Credit enquiries ........................................................................................................12
Repayment history information .................................................................................13
Part Six: Consumer protection and awareness .............................................................16
Part Seven: Access to and use of credit reports ...........................................................19
Real estate agencies ................................................................................................20
Part Eight: Privacy, information security and regulatory oversight .................................24
Review of Australia’s Credit Reporting Framework 2
About the Law Council of Australia
The Law Council of Australia represents the legal profession at the national level; speaks on behalf of its
Constituent Bodies on federal, national, and international issues; promotes and defends the rule of law; and promotes the administration of justice, access to justice and general improvement of the law.
The Law Council advises governments, courts, and federal agencies on ways in which the law and the justice system can be improved for the benefit of the community. The Law Council also represents the
Australian legal profession overseas, and maintains close relationships with legal professional bodies throughout the world. The Law Council was established in 1933, and represents its Constituent Bodies:
16 Australian State and Territory law societies and bar associations, and Law Firms Australia. The Law
Council’s Constituent Bodies are:
• Australian Capital Territory Bar Association
• Law Society of the Australian Capital Territory
• New South Wales Bar Association
• Law Society of New South Wales
• Northern Territory Bar Association
• Law Society Northern Territory
• Bar Association of Queensland
• Queensland Law Society
• South Australian Bar Association
• Law Society of South Australia
• Tasmanian Bar
• Law Society of Tasmania
• The Victorian Bar Incorporated
• Law Institute of Victoria
• Western Australian Bar Association
• Law Society of Western Australia
• Law Firms Australia
Through this representation, the Law Council acts on behalf of more than 104,000 Australian lawyers.
The Law Council is governed by a Board of 23 Directors: one from each of the Constituent Bodies, and six elected Executive members. The Directors meet quarterly to set objectives, policy, and priorities for the Law Council. Between Directors’ meetings, responsibility for the policies and governance of the
Law Council is exercised by the Executive members, led by the President who normally serves a one- year term. The Board of Directors elects the Executive members.
The members of the Law Council Executive for 2024 are:
• Mr Greg McIntyre SC, President
• Ms Juliana Warner, President-elect
• Ms Tania Wolff, Treasurer
• Ms Elizabeth Carroll, Executive Member
• Ms Elizabeth Shearer, Executive Member
• Mr Lachlan Molesworth, Executive Member
The Chief Executive Officer of the Law Council is Dr James Popple. The Secretariat serves the Law
Council nationally and is based in Canberra.
The Law Council’s website is www.lawcouncil.au.
Review of Australia’s Credit Reporting Framework 3
Acknowledgements
The Law Council of Australia acknowledges the assistance of the Law Institute of Victoria and the Law Society of New South Wales in the preparation of this submission.
The Law Council also thanks the following Section Committees for their contributions and guidance:
• the Business Law Section’s Financial Services Committee;
• the Business Law Section’s Privacy Law Committee; and
• the Legal Practice Section’s Australian Consumer Law Committee.
Review of Australia’s Credit Reporting Framework 4
Introduction
1. The Law Council of Australia appreciates the opportunity to contribute to the Review
of Australia’s Credit Reporting Framework, specifically:
• the credit reporting provisions in Part IIIA of the Privacy Act 1988 (Cth); and
• the mandatory credit reporting provisions in Part 3–2CA of the National
Consumer Credit Protection Act 2009 (Cth) (Credit Act).
2. The Law Council considers that Australia’s comprehensive credit reporting
framework—introduced in 2014—continues to be required, and is, on the whole,
functioning adequately. Nonetheless, the Law Council supports continuous
improvements to credit reporting practices and regulation, particularly to enhance
consumer and privacy protections, and notes that the Terms of Reference for the
recent Privacy Act Review excluded consideration of credit reporting.1
3. The Law Council, therefore, welcomes this review, and emphasises that, when
considering any potential reforms, a considered approach—balancing individual
human rights, privacy and consumer protections, and efficient regulation—is
required.
4. The following comments are in response to the matters raised in the April 2024
Issues Paper, and seek, to the greatest extent possible, to present a unified view on
behalf of the Australian legal profession. However, in the time available to prepare
this submission, the Law Council has not had sufficient opportunity to adopt a
settled position in response to all 46 questions posed in the Issues Paper. As such,
there are several discussion questions where a range of views have been
expressed, reflecting the varied interests that legal practitioners represent—
including those of consumers and financial services. To the extent that the Law
Council has received divergent views, this submission sets these out for the
Independent Reviewer’s consideration.
Discussion questions
Part One: The what and why of credit reporting
• How important is Australia’s credit reporting framework?
5. Credit reporting involves the collection, use and disclosure of personal information
about individuals, including information relating to loans, credit accounts, repayment
history and defaults. Credit reporting is used by credit providers to inform their
suitability assessments of borrowers’ applications for credit.
6. A credit reporting body is an organisation whose business involves the handling of
personal information to provide another entity with information about the credit
worthiness of an individual to facilitate lending decisions and other transactions.
The three main credit reporting bodies in Australia are Equifax, illion and Experian.2
1 Attorney-General’s Department, Privacy Act Review Report 2022 (February 2023) .
Review of Australia’s Credit Reporting Framework 26
131. To resolve this issue, the Privacy Act could be amended to exempt non-credit
related activities from the definition of credit reporting body. Alternatively, the
Privacy Commissioner could be given express powers to issue legislative
instruments that would rule out specific kinds of activities, or specified persons, from
being credit reporting bodies.
• Should credit reporting bodies be required to register or obtain a licence?
• Should credit reporting bodies be required to report data on their activity or
compliance to the regulator?
132. The Law Council considers that credit reporting bodies should register, and be
required to report periodically on their activities—including how they meet their
privacy obligations—to the regulator (i.e., on an annual basis).
133. The Law Council acknowledges that a requirement for a registration or licence could
result in the organisation’s business being required to cease, upon short notice, in
the case that the registration or licence is suspended, or cancelled, as a result of
serious inappropriate conduct.
134. This matter raises the further question of whether it would be appropriate for there to
be a thorough analysis of what activities are being engaged in by credit reporting
bodies with the information that they hold. Consideration should also be given to the
enactment of requirements imposed on other financial services institutions around
governance, accountability, risk management, and the reporting of breaches.
• Is the level of compliance enforcement with regulatory obligations of credit
reporting participants and the enforcement powers of regulatory authorities
sufficient?
135. Since Part IIIA of the Privacy Act commenced in 1991, there have been serious
sanctions available for breaches of Part IIIA. The Law Council is not aware of
publicly available information demonstrating whether, or how, these powers have
been used. As such, it is difficult to determine whether the existing powers are
sufficient.
136. To the extent that any non-compliance with Part IIIA is identified as part of a
complaint being considered by AFCA, AFCA may determine this as involving
‘maladministration’ and penalise the relevant misconduct. The BLS is of the view
that this creates strong normative pressure for widespread compliance by credit
providers and credit reporting bodies.
137. Similarly, the LIV considers that the level of compliance enforcement is sufficient,
although better interaction between ASIC and the OAIC could improve the current
regime.
138. The LS NSW, on the other hand, suggests that increased regulation is warranted.
While major participants in Australia’s credit framework—such as Tier One banks—
are regulated, other participants are not subject to the same degree of regulation.
At present, limited checks and balances are in place to ensure that requests for
personal information are based on legitimate purposes, thereby allowing a wide
range of entities to conduct broad investigations, possibly without a reasonable
basis.
Review of Australia’s Credit Reporting Framework 27
