Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

PRIVACY ACT 1988 - SECT 20Q

Security of credit reporting information

             (1)  If a credit reporting body holds credit reporting information, the body must take such steps as are reasonable in the circumstances to protect the information:

                     (a)  from misuse, interference and loss; and

                     (b)  from unauthorised access, modification or disclosure.

             (2)  Without limiting subsection (1), a credit reporting body must:

                     (a)  enter into agreements with credit providers that require the providers to protect credit reporting information that is disclosed to them under this Division:

                              (i)  from misuse, interference and loss; and

                             (ii)  from unauthorised access, modification or disclosure; and

                     (b)  ensure that regular audits are conducted by an independent person to determine whether those agreements are being complied with; and

                     (c)  identify and deal with suspected breaches of those agreements.

             (3)  Without limiting subsection (1), if a credit reporting body holds credit reporting information, the body must store the information:

                     (a)  either:

                              (i)  in Australia or an external Territory; or

                             (ii)  in accordance with any security requirements prescribed by the regulations for storing the information outside of Australia and the external Territories; and

                     (b)  in accordance with any security requirements prescribed by the regulations.

Note:          Requirements prescribed for paragraph (b) apply wherever the information is stored.



AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback