Privacy Act 1988
If a credit provider holds credit eligibility information, the provider must take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.
21S(2)
If:
(a) a credit provider holds credit eligibility information about an individual; and
(b) the provider no longer needs the information for any purpose for which the information may be used or disclosed by the provider under this Division; and
(c) the provider is not required by or under an Australian law, or a court/tribunal order, to retain the information;
the provider must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
Civil penalty: 1,000 penalty units.
21S(3)
If a credit provider is an APP entity, Australian Privacy Principle 11 does not apply to the provider in relation to credit eligibility information.
This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.