OAIC: Access seekers and credit reporting information

The Office of the Australian Information Commissioner (OAIC) has published a blog post elaborating on its approach to the Access Seeker provisions under section 6L of the Privacy Act 1988. 

As stated by the OAIC, until the access seeker provisions are clarified, organisations are entitled to pursue lawful current uses of the access seeker provisions, provided they do so on the basis of a good faith and reasonable interpretation of the current legal framework.  

However, the OAIC may consider regulatory action in the event that we become aware of any harm to individuals, or of flagrant breaches of the Credit Reporting Code or the Privacy Act. Further, if the OAIC observes an expansion of the usage of the access seeker provisions while government is considering the findings of last year’s independent review of the Credit Reporting Code, it will examine the issue further. 

The OAIC encourages organisations using the access seeker provisions to: 

• Carefully consider the compatibility of that usage with the provisions of the Privacy Act and Credit Reporting Code and be prepared to explain this usage to the OAIC if asked. 

• Ensure that any information they gather through this mechanism is not used for a purpose an individual has not given express consent for. 

• Ensure any information collected through this mechanism is held securely and is retained for the minimum possible period.