Office of the Privacy Commissioner | Credit reporter and related company in breach of privacy code
An Office of the Privacy Commissioner inquiry has found the credit reporter illion (formerly known as Dun & Bradstreet) in breach of the Credit Reporting Privacy Code (the Code) because of the activities its related company Credit Simple performs through its arrangement with the credit reporter.
The Code places obligations on credit reporters but also ensures related companies are subject to the same obligations under the Code as credit reporters.
The Inquiry into illion’s Arrangement with its related company Credit Simple report found illion circumvented the application of the Code for marketing purposes.
Using credit information for marketing purposes is expressly prohibited under the Code unless the marketing activity falls within the permitted range.
The Code puts limits on arrangements with related companies to restrict the use of credit information in marketing activities. A credit reporter cannot use a related company to circumvent its obligations for marketing and direct marketing activities.
“The Credit Reporting Privacy Code was carefully set up to protect vulnerable consumers from marketing and to promote responsible lending. This arrangement between the two companies is designed to get around this prohibition and is in breach,” Privacy Commissioner John Edwards said.
The report’s findings are:
- Up until November 2019, Credit Simple was using credit information in its direct marketing practices such as sending direct marketing emails to consumers with offers based on their credit information.
- Despite changes to Credit Simple’s marketing practice, Credit Simple’s marketing remains non-compliant with requirements of the Credit Reporting Privacy Code.
- Credit Simple engaged in marketing that was prohibited by the Credit Reporting Privacy Code by providing promotional offers to consumers who registered with Credit Simple.
- Credit Simple’s marketing activity does not comply with the quotation enquiry exception under the Credit Reporting Privacy Code.
- Credit Simple bundled consumer authorisations, contrary to Code requirements, by presenting an opt-in option to consumers to receive promotional offers when the consumer authorised the use of credit information to establish a Credit Simple account.
Several amendments to the Credit Reporting Privacy Code in recent years have served to reinforce the restriction on the use and disclosure of the credit information for marketing purposes.
The Privacy Commissioner has given illion and Credit Simple an opportunity to address the issues raised in the report, before he considers further action.
A copy of the report can be downloaded and viewed here.
For more information: Charles Mabbett 021 509 735.