Allens Arthur Robinson
Credit providers


Checklist

The privacy law poses a compliance challenge. To start with, you need to:

  • Decide whether there is any approved privacy code you could subscribe to as an alternative to the NPPs. If there isn't, consider whether you should work with your industry body to develop one. 
  • Assess whether your systems can flag data collected before and after 22 December 2001. If you can't, you'll be forced to treat all information as governed by the new regime. 
  • Develop systems to isolate and then destroy or make anonymous personal information that is no longer needed. Given the cost involved you will need to determine what are reasonable steps in this regard. 
  • Determine which third parties (if any) you collect information from and what you will need to do about that information. 
  • Review your current arrangements for sharing information with related companies. 
  • Ensure customers are given appropriate information, and their consent to use and disclose information is obtained, where necessary. This means amending:
      • forms and contracts collecting personal information;
      • signage, brochures and notification at collection points (for example, your website); and
      • telephone procedures used by employees and agents.
  • Review your arrangements with agents and intermediaries - such as call centres - to ensure that they comply with the new regime. 
  • Structure into your first contact with customers:
      • an express consent to any use or disclosure for a secondary purpose where consent cannot be implied; and
      • an express opportunity for them to convey a wish not to receive direct marketing communications.
  • Consider the position of staff as well as customers and ensure appropriate procedures are implemented. 
  • Ensure your policies preventing unauthorised access, modification or disclosure are adequate. 
  • Consider your current procedures for access and correction requests and modify them to the extent necessary. 
  • Consider what is an appropriate fee to cover the reasonable costs of providing a customer with copies of the information held about them or extracts from that information. 
  • Determine what are reasonable steps to ensure that personal information is accurate at each of the stages of collection, use and disclosure to someone else. 
  • Identify transactions requiring international data flows and ensure safeguards are in place which conform with the legislation. 
  • Develop and revise training and compliance reporting programmes. 
  • Review your complaints handling procedure. 
  • Don't forget the corporate or institutional parts of your organisation. You need to ensure that you comply in full with the new legislation in respect of personal information held about individuals, such as directors and shareholders of corporate customers. 


© 2008 Allens Arthur Robinson, Australia | contactus@aar.com.au
