Credit Code Review, Data Breach

This week proposals to the strengthen protections around the handling of consumer data.

This comes after a major review conducted by the Office of the Australian Information Commissioner (OAIC) looking at Privacy(Credit Reporting) Code 2014.

OAIC Commissioner Angelene Falke  said in a formal statement, “The way Australians’ personal information is collected, handled and stored remains a significant issue as the credit reporting landscape has expanded and shifted through a time of social, technological and regulatory change.”

The proposed changes to the credit reporting code will happen over a period of two years. 
The privacy regulator highlighted a few key proposals made in the report:

• streamlining processes for individuals, such as getting access to their credit reports and correcting their information, developing guidance pieces for individuals to explain their rights, including when a credit provider needs to provide notice that their information is being used or disclosed versus when they need to seek their consent
• introducing a ‘soft enquiries’ framework to allow people to ‘shop around’ for credit products and seek quotes, without this information being included on their credit report
• offering an automatic extension to people who have been subject to identity theft when they request a ban on their credit report to prevent fraud
• including domestic abuse as an example of circumstances beyond the individual’s control to allow credit providers not to report default information about overdue payments
• requiring CRBs to remove statute-barred debts from an individual’s credit report.

 
The OAIC said, “Where issues cannot be addressed through amendments to the CR Code or guidance, the OAIC intends to raise them with the Attorney-General so they can be considered in preparation for the review of Part IIIA of the Privacy Act required to be completed before 1 October 2024.
 
Data Breach
This comes the same week that Optus is dealing with major data breach that includes the exposure of personal and sensitive details of the telecommunication company’s customers. 

The Australian Competition and Consumer Commission (ACCC) has called on Optus customers to be vigilant and to secure their personal devices as much as they can. 

The ACCC said in an official statement, “A cyber-attack has resulted in the release of Optus customers’ personal information. If you are an Optus customer your name, date of birth, phone number, email addresses may have been released. For some customers identity document numbers such as driver’s licence or passport numbers could be in the hands of criminals. It is important to be aware that you be may be at risk of identity theft and take urgent action to prevent harm.”

In formal statement from the telecommunications company,  they said they ‘shut down the attack’ and working with the Australian Cyber Security Centre, the Australian Federal Police, and the Office of the Australian Information Commissioner (OAIC). 

Optus continued, “Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”

The competition and consumer regulator highlighted some steps that potentially affected consumers can take to protect themselves:

• Secure your devices and monitor for unusual activity
• Change your online account passwords and enable multi factor authentication for banking
• Check your accounts for unusual activity such as items you haven’t purchased
• Place limits on your accounts or ask you bank how you can secure your money
• If you suspect fraud, you can request a ban on your credit report.