Privacy Commissioner John Edwards has released the annual compliance assurance reports submitted by the three national credit reporting companies.
“I was pleased to see the credit reporting companies actively monitoring their processes and making improvements to their systems,” Mr Edwards said, noting that the assurance reports revealed:
- Veda (now known as Equifax) implemented a Privacy Code risk register at the recommendation of an independent reviewer
- Centrix undertook a significant review of its information security policy and procedures resulting in an update to its policies
- Dun & Bradstreet’s complaints handling process was externally audited as part of ISO re-certification.
From April 2012, credit providers like banks, finance companies and some utility companies have been allowed to share more information with credit reporters. This includes information like the amount of credit a person has and whether they made all their monthly payments.
“These internal assurance reviews and reports are a key accountability process in this new information rich environment” said Mr Edwards.
The credit reporting assurance reports, which were all submitted on time and identified no significant compliance problems, can be found here.
Note for editors
The Credit Reporting Privacy Code 2004 was issued by the Privacy Commissioner under the Privacy Act 1993 and has the force of law. It requires credit reporters to submit annual compliance reports, one of several accountability mechanisms. The credit reporters are required to appoint an independent person to the internal committee that reviews compliance with the code.
The Privacy Commissioner makes the reports public to promote transparency and accountability in the handling of New Zealander’s sensitive financial information.
A PDF version of this media release is available here.
The credit assurance reports can be viewed here.
For more information, contact Charles Mabbett on 021 509 735.