Privacy Act 2020

About the code

The Credit Reporting Privacy Code 2020 (CRPC) applies specific rules to credit reporters to ensure the protection of individual privacy. It addresses the credit information collected, held, used, and disclosed by credit reporters.

For credit reporters the code takes the place of the information privacy principles.

In March 2026 we issued Amendment No 1 to the code to reflect new Information Privacy Principle 3A (IPP3A).

Read the full code

Credit Reporting Privacy Code 2020 (in force 1 May 2026, opens to PDF, 650 KB)

Request your credit report

There are three main credit reporting companies in New Zealand; Centrix, Equifax (formerly Veda), and Experian (formerly illion, formerly Dun & Bradstreet). You can ask for your credit report from each company online:

Summary of rights

The Credit Reporting Privacy Code 2020 gives you specific rights. These rights are summarised in the below document.

Credit Reporting Summary of Rights

You can access the summary of rights in the following languages:

Arabic	Fijian	Samoan
Simplified Chinese	Hindi	Spanish
Traditional Chinese	Korean	Tongan
Farsi	Māori

Credit reporters must display this summary on their websites and must provide it to people in certain circumstances, including when responding to a person's request for a copy of their credit report.

Credit Reporting Privacy Code Amendment No 1

The Privacy Amendment Act 2025 introduced IPP3A, which is in force from 1 May 2026. In March 2026, following consultation on how to reflect IPP3A in codes of practice, the Privacy Commissioner made changes to several of our codes. You can find more about those changes, including any amendments or submissions specific to this code, below:

Previous versions

Credit Reporting Privacy Code 2020

In 2020 codes of practice were revoked and replaced to align with the Privacy Act 2020. You can read papers about that version of the code here:

Previous versions (now revoked)

2004	Credit Reporting Code 2004 (PDF) Credit Reporting Code 2004 (Word)
2005	CRPC Amdmt 1 (Temporary) (Issued 5 August 2005. The amendment came into force on 1 April 2006 and expired on 8 August 2006.)
2006	CRPC Amdmt 2 (Issued on 24 February 2006. The amendment came into force on 1 April 2006 and revokes Amendment No 1 (Temporary).
2009	CRPC Amdmt 3 (Issued 18 December 2009. The amendment came into force on 22 February 2010). - Fact sheet 3 – Q&A – Notification of Comprehensive Reporting
2010	CRPC Amdmt 4 (Issued 14 December 2010. The amendment came into force on 1 October 2011 except for some clauses and subrule 11(3)(c) (in force on 1 April 2012). - CRPC Amdmt 4 – information paper - CRPC Amdmt 4 – background to changes - CRPC Fact Sheet 1 – FAQs on Amendment No 4
2011	CPRC Amdmt 5 (Issued 30 September 2011. Except as provided in clause 3.1 of Schedule 8, this amendment came into force on 1 April 2012). - CRPC Amdmt 5 – information paper - CPRC Amdmt 5 – background to changes - CRPC Amdmt 5 – Q&A
2012*	CRPC Amdmt 6 (Temporary) (Issued 26 March 2012*. This amendment came into force on 1 April 2012 and expired on 31 March 2013).
2013	CRPC Amdmt 7 (Issued 1 February 2013. This amendment came into force on 1 April 2013, except for clauses 3 and 4 – into force on 30 June 2013 and clause 6 – into force on 29 March 2013). - CRPC Amdmt 7 - Final information paper CRPC Amdmt 8 (Issued 7 May 2013. This amendment came into force on 30 June 2013). - Amdmt 8 - information paper
2014	CRPC Amdmt 9 (Issued 21 July 2014. (This amendment came into force on 1 September 2014). - CRPC Amdmt 9 – information paper - CRPC Amdmt 9 – Background paper for submitters
2015	CRPC Amdmt 10 (Issued 5 October 2015. This amendment came into force on 5 November 2015). - CRPC Amdmt 10 – information paper
2017	CRPC Amdmt 11 (Issued 25 August 2017. This amendment came into force on 28 September 2017). CRPC Amdmt 12 (Temporary) (Issued 20 September 2017. This amendment came into force on 28 September 2017 and expired on 18 September 2018).
2018	CRPC Amdmt 13 (Issued 15 August 2018. This amendment came into force on 18 September 2018). CRPC Amdmt 14 (Issued 6 November 2018. This amendment came into force on 1 April 2019, apart from some clauses - CRPC Amdmt 14 – information paper - Comprehensive Credit Reporting Six Years On: Review of the Operation of Amendments No 4 and No 5, April 2018 - Credit Reporting Privacy Code Review: Miscellaneous Issues, May 2018

Consolidated version of the CRPC 2004 incl. amdmts up to and including Amdmt No. 14 (consolidated as at 28 September 2017).

*A note about 2012 changes

Major changes to New Zealand's credit reporting system came into effect on 1 April 2012. The first change to the law allowed a "positive" credit reporting system to operate in the country for the first time. Until then, New Zealand had run a negative credit reporting system that recorded defaults, bankruptcies and court judgments.

The second key change would enable consumers to “freeze” their credit reports if they are a victim of fraud. This is also called “suppressing” credit reports. It will protect people at risk from having new credit accounts opened in their name.

Other changes that came into effect included:

Credit reporters prohibited from listing small defaults of less than $100 - traditionally an area of consumer dispute;

Credit providers permitted to use credit reports to "pre-screen" direct marketing lists - to help ensure that marketing for new credit products was responsible and not sent to those who could not afford more debt; and
Credit reporters would be required to send annual compliance reviews or assurance reports to the Privacy Commissioner to encourage systematic improvements to procedures to safeguard credit information and to maintain public confidence in the system.