What is the difference between privacy policies and credit reporting policies? Does your business require a credit reporting policy, and what are your legal obligations?
Amid increased concerns about privacy protection and data use, this area of law and commercial compliance is under scrutiny, with consequential legislative reforms on their way. Ensuring that your business appropriately deals with personal information and complies with Privacy Laws is now paramount.
Under the Privacy Act 1988 and the Australian Privacy Principles (Privacy Laws), businesses are required to adhere to stringent regulations when collecting, using, and disclosing customer or client information. Both privacy policies and credit reporting policies act as blueprints for handling personal information to ensure that the business complies with the Privacy Laws.
A credit reporting policy outlines specifically how a business deals with credit-related information, which includes information collected or created about a customer or client regarding their consumer credit and history.
When do you need a credit reporting policy?
Whether you require a credit reporting policy is currently dependent on two main factors:
- Whether your business is an Australian Privacy Principles (APP) entity – generally meaning that you generate more than $3 million in revenue each year; and
- Whether you extend credit to your customers on terms of more than 7 days.
The APP threshold already captures a large volume of commercial businesses; however, it is worth noting that anticipated changes to the Privacy Act in 2024 may result in the $3 million revenue threshold for an APP entity being removed. This will mean that more small and medium-sized businesses will require these policies.
Your obligations and compliance
Simply having your customers consent to sharing credit-related information on your credit application forms is not enough to satisfy the requirements of the Privacy Laws. The APPs outline specific details and processes related to how you manage credit-related information that you need to make known to your customers.
For businesses that fall under the definition of an APP entity and provide goods or services on credit, establishing robust privacy and credit reporting policies is essential.
Importantly, breaching your obligations under the APPs and Credit Reporting Code is a breach of the Privacy Act. Serious and repeated interferences with privacy can attract civil penalties of up to $2.5 million for individuals and $50 million for companies. Comprehensive policies will not only help safeguard your business against complaints, but also ensure compliance with Privacy Laws and regulations.
Whether seeking to understand which policies apply to your business, or requiring advice about best privacy practices, contact our commercial law experts to help you navigate this complex and evolving area of law.