Skip to main content

11. Are there any safeguards to protect my credit data against improper access by credit providers?

Credit providers and credit reference agencies are governed by the Code and the Ordinance. Under the Code, each time a credit provider accesses a CRA's credit reference database, the credit provider is required to inform the CRA of the reasons and circumstances under which the access has been made. The CRA is required to maintain a record of all access to its database by credit providers. In the event of there being any suspected abnormal access by a credit provider, the CRA is required to report such incident to the senior management of that credit provider and the Privacy Commissioner. To ensure compliance with the requirements of the Code, the CRA is required to conduct a compliance audit at intervals not exceeding 12 months and to submit an audit report for consideration by the Privacy Commissioner.