Privacy Act 1988
(a) a credit provider holds credit information or credit eligibility information about an individual; and
(b) the provider is satisfied that, having regard to a purpose for which the information is held by the provider, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading;
the provider must take such steps (if any) as are reasonable in the circumstances to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.Notice of correction 21U(2)
(a) the credit provider corrects credit information or credit eligibility information under subsection (1); and
(b) the provider has previously disclosed the information under:
(i) this Division (other than subsection 21V(4) ); or
(ii) the Australian Privacy Principles (other than Australian Privacy Principle 4.2);
the provider must, within a reasonable period, give each recipient of the information written notice of the correction.21U(3)
Subsection (2) does not apply if:
(a) it is impracticable for the credit provider to give the notice under that subsection; or
(b) the credit provider is required by or under an Australian law, or a court/tribunal order, not to give the notice under that subsection. Interaction with the Australian Privacy Principles 21U(4)
If a credit provider is an APP entity, Australian Privacy Principle 13:
(a) applies to the provider in relation to credit information or credit eligibility information that is identification information; but
(b) does not apply to the provider in relation to any other kind of credit information or credit eligibility information.
Identification information may be corrected under this section or Australian Privacy Principle 13.