Privacy Act 1988
PART IIIA
-
CREDIT REPORTING
Division 3
-
Credit providers
Subdivision E
-
Integrity of credit information and credit eligibility information
SECTION 21S
SECURITY OF CREDIT ELIGIBILITY INFORMATION
21S(1)
If a credit provider holds credit eligibility information, the provider must take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.
21S(2)
If:
(a) a credit provider holds credit eligibility information about an individual; and
(b) the provider no longer needs the information for any purpose for which the information may be used or disclosed by the provider under this Division; and
(c) the provider is not required by or under an Australian law, or a court / tribunal order, to retain the information;
21S(3)
If a credit provider is an APP entity, Australian Privacy Principle 11 does not apply to the provider in relation to credit eligibility information.
View history note
Hide history noteIf a credit provider holds credit eligibility information, the provider must take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.
21S(2)
If:
(a) a credit provider holds credit eligibility information about an individual; and
(b) the provider no longer needs the information for any purpose for which the information may be used or disclosed by the provider under this Division; and
(c) the provider is not required by or under an Australian law, or a court / tribunal order, to retain the information;
the provider must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
Civil penalty: 1,000 penalty units.
21S(3)
If a credit provider is an APP entity, Australian Privacy Principle 11 does not apply to the provider in relation to credit eligibility information.