Amendments to the Privacy Act that came into effect on 12 March 2014 improve privacy protection to Australian citizens.
The Privacy Act 1988 regulates the handling of people’s personal information. Under the law this can include a range of information that may identify a person.
The law recognises that some personal information requires a higher standard of care. There are strict rules about collecting, using and disclosing "sensitive information" – personal information about matters such as a person’s health and which can affect a person if used inappropriately.
"The new privacy laws aim to balance protection of an individual's personal information with permitted or authorised uses of that information, generally by reference to the purpose for which the personal information was collected in the first place," said TIO Privacy Officer Doron Karliner. “For the TIO, having a good understanding of the changes to the law is important because we must be privacy compliant, and because we handle thousands of complaints each year about privacy issues and credit information."
Open and transparent management of personal information
The new privacy amendments create a framework for open and transparent management of personal information and credit-related information. According to the amended Act, an organisation can only use personal information for the primary purpose for which it was collected and only in limited circumstances for any other purpose. It also gives individuals rights to access personal information held about them and to correct wrong information. Organisations and government agencies are obliged to inform individuals about these rights.
A new credit reporting regime
The Privacy Act establishes a more comprehensive credit reporting system in Australia. The changes take into account a person’s right to privacy while understanding that credit providers need access to personal information to make decisions about credit applications.
Credit providers collect, use and disclose personal information to assess consumers' eligibility for credit. For example, a telecommunications service provider is considered a credit provider when it offers a post-paid service.
As such, it can access credit information to make a decision about a consumer's capacity to afford a service and can report a consumer who does not pay a debt in what is commonly known as a "default listing."
Telco consumers can be default listed for bills over $150 and that have been overdue for more than 60 days. The provider must send two notices to the consumer: one when the bill becomes overdue and another when they intend to report the default.
If a consumer tells the provider they are experiencing hardship, the provider cannot disclose default information while it is considering the consumer’s request.
External dispute resolution
Complaints about interferences with privacy can be directed to the Office of the Australian Information Commissioner (OAIC) or a recognised external dispute resolution (EDR) scheme. The TIO is the recognised EDR scheme for telecommunications privacy complaints.
Privacy complaints the TIO handles
We deal with a wide range of privacy and credit reporting complaints about telecommunications service providers and telco services. Under both privacy laws and other regulation, some of the common complaints we receive are listed below.
- Information collected, stored or disposed of in a way contrary to privacy law
- Disclosure of personal information
- Disclosure of a consumer’s silent number
- Access to personal information being denied
- Spam received from a telecommunications provider
- Providers telemarketing a consumer after being asked to stop
- Providers not following correct procedures of dealing with unwelcome or life-threatening communications
- Default listings not removed after five years or updates after the debt has been paid
- Default listings made in error or without proper notification
- Financial hardship and payment arrangements
- Debt collection activities Consumers being unable to access or correct credit information
- Consumers being denied a service due to a negative credit assessment that is not fully explained
- Listing of old debts
- Debts sold to third party collections agents
More information about the privacy law reform is available on the OAIC’s website