Credit information request not a marketing opportunity: Privacy Commissioner

Hayley Miller

Kensington Swan Partner Hayley Miller and Senior Associate Gretchen Fraser discuss Amendment No.14 to the Credit Reporting Privacy Code which have been issued by the Privacy Commissioner John Edwards. 

Gretchen Fraser

Changes to the Credit Reporting Privacy Code have been issued by the Privacy Commissioner John Edwards. Amendment No 14 to the Code will provide enhanced consumer rights, keep the system fair for consumers and improve enforcement and compliance.

The changes mean that credit reporting companies will be prohibited from bundling requests for consents to additional unrelated uses or disclosures of credit information into their processes enabling individuals to exercise their statutory rights. For example, when someone makes a request to a credit reporter for their credit information, the credit reporter will not be allowed to use that process to obtain consent to disclose information to a third party such as an insurer, debt collector or credit broker. ‘Bundled consents’ can be an unfair means of collection of consents, as the individual might be misled as to whether consent is voluntary and as to what is being authorised.

Changes clarify that a formal request by an individual to a credit reporter to exercise Code rights of access, correction or suppression is not an opportunity to cross-sell products or seek consent to marketing, debt collection or other unrelated purposes. This concept of unbundling consents and requiring real and specific consent is in line with the GDPR compliance principles, and so reflective of international trends. To learn more about what the GDPR means in practice for NZ businesses click here, and for a GDPR compliance toolkit click here.

Loopholes will be closed by this Amendment, so that credit reporters will also be prohibited from using arrangements with related companies to circumvent the Code or to make uses or disclosures of credit information that would breach the Code – such as for the purposes of direct marketing or cross-selling products.

The changes strengthen and broaden the existing prohibitions on the use of credit information by credit reporters for marketing or the facilitation of marketing by others. Various safeguards are included to ensure best privacy practice and to support responsible lending.

Other changes include:

  • allowing individuals to get access to their credit reports and credit scores quickly and for free.
  • making it easier for individuals at risk of identity fraud to quickly obtain an initial credit freeze in respect of all three national credit reporters (rather than having to make an application to each one).
  • obliging credit providers to provide quotation enquiries if offering risk-based pricing in a credit product (without leaving a ‘previous enquiry’ record that may affect an individual’s credit score for future borrowing). This means that people can shop around for a good credit rate without being penalised in the calculation of credit scores.

Most of the changes come into force on 1 April 2019.

Please contact the authors if you have any queries about this article.

Innovation is at the heart of Hayley Miller’s practice. She has developed a multi-disciplinary practice which is often at the intersection of technology privacy and consumer law. Hayley has extensive experience working collaboratively with developers, suppliers and purchasers of technology hardware, software, infrastructure, products and services, including licensing, development, commercialisation, supply and acquisition and various ‘as a service’ offerings. Hayley has acted for a number of well-known companies procuring new software platforms to underlie their business operations and the related outsourcing of services (including large financial institutions, manufacturing entities, SOEs and others). Hayley is experienced in balancing agile software development contracts to reflect the reality of the agile model, while still giving the customer enough certainty to satisfy the business case. Hayley also assists clients with the commercialisation of their technology, including IT, medical, fintech and other innovative technology products across a broad range of industries and sectors. Hayley is an expert on New Zealand privacy law, regularly advising on regulatory compliance, cybersecurity, data sovereignty and other considerations to the use of cloud based technology. She assists clients utilizing big data within their organizations or as the base for new ventures utilising big data analytics. Ask Hayley about GDPR compliance. Hayley is also on the Kensington Swan board. Contact Hayley at hayley.miller@kensingtonswan.com or connect via LinkedIn.

Gretchen is a senior associate in our corporate and commercial team. She has a broad business background, having worked both in private practice and in-house across a variety of industries, particularly in the technology and telecoms sectors. As well as providing general commercial and regulatory advice, Gretchen has experience drafting, negotiating and advising on a wide range of commercial contracts such as technology supply and support, commercialisation of technology, master services agreements, distribution and reseller agreements, software licences, professional services agreements, SLAs, sponsorships, RFPs, software as a service, outsourcing and NDAs. She has extensive experience in creating user-friendly contractual templates for clients, and takes a pragmatic approach to her advice. Gretchen has worked at leading law firms, both in New Zealand and internationally, and also has entrepreneurial experience running her own businesses outside of the legal industry. Contact Gretchen at gretchen.fraser@kensingtonswan.com

You can also connect with KensingtonSwan via LinkedIn