Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

A man complained to our office after a temporary employment agency conducted a credit check on him for a role involving no financial risk.

Under the Credit Reporting Privacy Code 2004, a prospective employer can only access an employee’s credit information for roles involving ‘significant financial risk,’ see rule 11(2)(b)(iii) of the credit code. The applicant was signed by the temporary employment agency for a short contract at a client’s call centre.

The complaint

The man said he found it disturbing that the company had accessed his private financial records and it had caused him stress and humiliation.

His complaint raised issues under principle 1 of the Privacy Act 1993.

Principle 1

Principle 1 provides that personal information may only be collected by an agency when the collection is for a lawful purpose relating to a function or activity of that agency. The collection of personal information must be necessary for that purpose.

In this instance, the man did not believe the collection of his credit information was necessary for the role he was applying for, as it did not deal with money. The information the man would be dealing with at the call centre was not sensitive.

As part of the application process, the man had signed a form agreeing to the credit check. The fact that he agreed to the credit check did not alter the responsibility on the agency to comply with principle 1 as there is not a consent-related exception to that principle.

The response

We contacted the temporary employment agency. The agency said that it was standard practice to perform a credit check. They also said the contract had required them to do so.

In this instance, the employment agency’s client had asked the agency to ensure that the contractors hired did not have any ‘criminal convictions or credit worthiness issues.’ The employment agency argued that a credit check was a necessary part of the screening process because the nature of the call centre work involved handling highly sensitive information from the public.

Conclusion

We did not accept this interpretation and concluded that the employer had breached principle 1 of the Privacy Act, since the role did not involve significant financial risk. Even if there was a contractual term that requested a credit check, the employer was still obliged to comply with the requirements of principle 1.

However, although we accepted there had been a breach of principle 1, we did not accept the claim that the collection of the man’s credit information had caused him significant harm, as required by section 66(1)(b) of the Privacy Act. On that basis, we did not find that there had been an interference with the man’s privacy.

We provided the man with a certificate of investigation and told him he was free to pursue the matter before the Human Rights Review Tribunal. We then closed the file.