Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

PRIVACY ACT 1988 - SECT 20V

Destruction etc. of credit reporting information after the retention period ends

  (1)   This section applies if:

  (a)   a credit reporting body holds credit information about an individual; and

  (b)   the retention period for the information ends.

Note:   There is no retention period for identification information or credit information of a kind referred to in paragraph   6N(k).

Destruction etc. of credit information

  (2)   The credit reporting body must destroy the credit information, or ensure that the information is de - identified, within 1 month after the retention period for the information ends.

Civil penalty:   1,000 penalty units.

  (3)   Despite subsection   (2), the credit reporting body must neither destroy the credit information nor ensure that the information is de - identified, if immediately before the retention period ends:

  (a)   there is a pending correction request in relation to the information; or

  (b)   there is a pending dispute in relation to the information.

Civil penalty:   500 penalty units.

  (4)   Subsection   (2) does not apply if the credit reporting body is required by or under an Australian law, or a court/tribunal order, to retain the credit information.

Destruction etc. of CRB derived information

  (5)   The credit reporting body must destroy any CRB derived information about the individual that was derived from the credit information, or ensure that the CRB derived information is de - identified:

  (a)   if:

  (i)   the CRB derived information was derived from 2 or more kinds of credit information; and

  (ii)   the body is required to do a thing referred to in subsection   (2) to one of those kinds of credit information;

    at the same time that the body does that thing to that credit information; or

  (b)   otherwise--at the same time that the body is required to do a thing referred to in subsection   (2) to the credit information from which the CRB derived information was derived.

Civil penalty:   1,000 penalty units.

  (6)   Despite subsection   (5), the credit reporting body must neither destroy the CRB derived information nor ensure that the information is de - identified, if immediately before the retention period ends:

  (a)   there is a pending correction request in relation to the information; or

  (b)   there is a pending dispute in relation to the information.

Civil penalty:   500 penalty units.

  (7)   Subsection   (5) does not apply if the credit reporting body is required by or under an Australian law, or a court/tribunal order, to retain the CRB derived information.



AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback