Privacy Act 1988

PART IIIA - CREDIT REPORTING  

Division 2 - Credit reporting bodies  

Subdivision E - Integrity of credit reporting information  

SECTION 20Q   SECURITY OF CREDIT REPORTING INFORMATION  

20Q(1)    
If a credit reporting body holds credit reporting information, the body must take such steps as are reasonable in the circumstances to protect the information:

(a)    from misuse, interference and loss; and

(b)    from unauthorised access, modification or disclosure.

20Q(2)    
Without limiting subsection (1), a credit reporting body must:

(a)    enter into agreements with credit providers that require the providers to protect credit reporting information that is disclosed to them under this Division:

(i) from misuse, interference and loss; and

(ii) from unauthorised access, modification or disclosure; and

(b)    ensure that regular audits are conducted by an independent person to determine whether those agreements are being complied with; and

(c)    identify and deal with suspected breaches of those agreements.

20Q(3)    

Without limiting subsection (1), if a credit reporting body holds credit reporting information, the body must store the information:

(a)    either:

(i) in Australia or an external Territory; or

(ii) in accordance with any security requirements prescribed by the regulations for storing the information outside of Australia and the external Territories; and

(b)    in accordance with any security requirements prescribed by the regulations.

Note:

Requirements prescribed for paragraph (b) apply wherever the information is stored.