Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) If a credit reporting body holds credit reporting information, the body must take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.
(2) Without limiting subsection (1), a credit reporting body must:
(a) enter into agreements with credit providers that require the providers to protect credit reporting information that is disclosed to them under this Division:
(i) from misuse, interference and loss; and
(ii) from unauthorised access, modification or disclosure; and
(b) ensure that regular audits are conducted by an independent person to determine whether those agreements are being complied with; and
(c) identify and deal with suspected breaches of those agreements.
(3) Without limiting subsection (1), if a credit reporting body holds credit reporting information, the body must store the information:
(a) either:
(i) in Australia or an external Territory; or
(ii) in accordance with any security requirements prescribed by the regulations for storing the information outside of Australia and the external Territories; and
(b) in accordance with any security requirements prescribed by the regulations.
Note: Requirements prescribed for paragraph (b) apply wherever the information is stored.