Privacy Act 1988

PART IIIA - CREDIT REPORTING  

Division 2 - Credit reporting bodies  

Subdivision E - Integrity of credit reporting information  

SECTION 20Q   SECURITY OF CREDIT REPORTING INFORMATION  

20Q(1)    
If a credit reporting body holds credit reporting information, the body must take such steps as are reasonable in the circumstances to protect the information:

(a)    from misuse, interference and loss; and

(b)    from unauthorised access, modification or disclosure.

20Q(2)    
Without limiting subsection (1), a credit reporting body must:

(a)    enter into agreements with credit providers that require the providers to protect credit reporting information that is disclosed to them under this Division:


(i) from misuse, interference and loss; and

(ii) from unauthorised access, modification or disclosure; and

(b)    ensure that regular audits are conducted by an independent person to determine whether those agreements are being complied with; and

(c)    identify and deal with suspected breaches of those agreements.

20Q(3)    


Without limiting subsection (1), if a credit reporting body holds credit reporting information, the body must store the information:

(a)    either:


(i) in Australia or an external Territory; or

(ii) in accordance with any security requirements prescribed by the regulations for storing the information outside of Australia and the external Territories; and

(b)    in accordance with any security requirements prescribed by the regulations.

Note:

Requirements prescribed for paragraph (b) apply wherever the information is stored.





This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.