Protecting Private Information

Investigating Complaints and Preventing Breaches

The Australian Privacy Commissioner and the Information Commissioner are one and the same person. Under the OAIC, the Commissioner investigates complaints against agencies or organisations where an individual alleges a breach of the Privacy Act. There is also a power to investigate without a complaint being lodged, where a breach of the Privacy Act is suspected, for example where the media has highlighted a problem. Prevention of breaches is carried out by conducting audits, and monitoring government data-matching, as well as by issuing guidance material, such as the Privacy Principles, to keep standards up to the Privacy Act requirements.

Tax File Numbers

Tax File Numbers (TFNs) are unique numbers issued by the Australian Taxation Office to identify individuals, companies and others who lodge income tax returns with the office. Individuals who do not quote their TFN to employers and financial institutions have tax deducted from their income or interest payments at the highest marginal rate. Quotation of TFNs is also a condition of receipt of most Commonwealth government assistance payments.

The Privacy Commissioner has issued TFN Guidelines under section 17 of the Privacy Act. The guidelines are legally binding and aim to restrict the use of TFN information. Unauthorised use or disclosure of TFNs is also an offence under the Taxation Administration Act 1953 (Cth). The TFN rules are also partly contained in the Income Tax Assessment Act 1936.

The Data-Matching Program (Assistance and Tax) Act 1990 provides for and regulates the matching of records between the Australian Taxation Office and the assistance agencies using the tax file number in part of the process.

Credit Reporting

The Privacy Act at Part IIIA provides safeguards for individuals in relation to consumer credit reporting. In particular, it governs the handling of credit reports and other credit worthiness information about individuals by credit reporting agencies and credit providers. The Act ensures that the use of this information is restricted to assessing applications for credit lodged with a credit provider and other legitimate activities involved with giving credit. The legislation does not directly affect commercial credit information.

The key requirements of the Act include:

• strict limits on the type of information which can be held on a person’s credit information file by a credit reporting agency, and limits on how long the information can be held on file;
• limits on who can obtain access to a credit file held by a credit reporting agency – generally only credit providers may obtain access and only for specified purposes, whilst real estate agents, debt collectors, employers, and general insurers are barred from obtaining access;
• purposes for which a credit provider can use a credit report obtained from a credit reporting agency limited to, among others:
• assessing an application for consumer credit or commercial credit (but the credit provider must seek consent if they are using a consumer credit report to assess an application for commercial credit, or using a commercial report to assess an application for consumer credit),
• assessing whether to accept a person as guarantor for a loan applied for by someone else,
• collecting overdue payments;
• prohibition on disclosure by credit providers of credit worthiness information about an individual, including a credit report received from a credit reporting agency, except in specified circumstances, which include: where the disclosure is to another credit provider and the individual has given consent, to a mortgage insurer or to a debt collector (but credit providers can only give limited information contained in or derived from a credit report issued by a credit reporting agency);
• rights of access and correction for individuals in relation to their own personal information contained in credit reports held by credit reporting agencies and credit providers.