The Privacy Act regulates the handling of people’s personal information. Under the law this can include a range of information that may identify a person.
The law recognises that some personal information requires a higher standard of care. There are strict rules about collecting, using and disclosing "sensitive information" – personal information that may not be generally available and can affect a person if used inappropriately.
"The new privacy laws aim to balance protection of an individual's personal information with permitted or authorised uses of that information, generally by reference to the purpose for which the personal information was collected in the first place," said TIO Privacy Officer Doron Karliner. "For the TIO, having a good understanding of the changes to the law is important because we must be privacy compliant, and because we handle thousands of complaints each year about privacy issues and credit information."
Open and transparent management of personal information
The new privacy amendments create a framework for open and transparent management of personal information and credit-related information.
According to the amended Act, an organisation can only use personal information for the primary purpose for which it was collected and only in limited circumstances for any other purpose. It also gives individuals rights to access personal information held about them and to correct wrong information. Organisations and government agencies are obliged to inform individuals about these rights.
A new credit reporting regime
The Privacy Act establishes a more comprehensive credit reporting system in Australia. The changes take into account a person's right to privacy while understanding that credit providers need access to personal information to make decisions about credit applications.
Credit providers collect, use and disclose personal information to assess consumers' eligibility for credit. For example, a telecommunications service provider is considered a credit provider when it offers a post-paid service.
As such, it can access credit information to make a decision about a consumer's capacity to afford a service and can report a consumer who does not pay a debt in what is commonly known as a "default listing."
Telco consumers can be default listed for bills over $150 and that have been overdue for more than 60 days. The provider must send two notices to the consumer: one when the bill becomes overdue and another when they intend to report the default.
If a consumer tells the provider they are experiencing hardship, the provider cannot disclose default information while it is considering the consumer's request.
External dispute resolution
Complaints about interferences with privacy can be directed to the Office of the Australian Information Commissioner (OAIC) or a recognised external dispute resolution (EDR) scheme.The TIO is the recognised EDR scheme for telecommunications privacy complaints.
Privacy complaints the TIO handles
We deal with a wide range of privacy and credit reporting complaints about telecommunications service providers and telco services.
- Providers not following correct procedures for dealing with unwelcome or life-threatening communications
- Providers telemarketing a consumer after being asked to stop
- Access to personal information being denied
- Information collected, stored or disposed of in a way contrary to privacy law
- Spam received from a telecommunications provider
- Disclosure of a consumer’s silent number
- Disclosure of personal information
- Consumers being denied a service due to a negative credit assessment that is not fully explained
- Consumers being unable to access or correct credit information
- Default listings made in error or without proper notification
- Default listings not removed after five years or updated after the debt has been paid
- Listing of old debts
- Debts sold to third party collections agents
- Financial hardship and payment arrangements
- Debt collection activities
In the 2012-13 financial year, less than 2 per cent of new complaints had a privacy issue, and 5.5 per cent had a credit default issue.
More information about the privacy law reform is available on the OAIC website.