Credit Reporting Privacy Code 2004 New Zealand Credit & Finance Institute luncheon Auckland, 21 February 2005 Presentation by Blair Stewart, Assistant.

Presentation transcript:

Credit Reporting Privacy Code 2004 New Zealand Credit & Finance Institute luncheon Auckland, 21 February 2005 Presentation by Blair Stewart, Assistant Privacy Commissioner

Outline
Presentation will cover:
– Quick overview
– Origins of code, international context
– Changes to code following industry submissions
– Some of code's main features

Quick overview
– Code generally starts on 1 April clauses – affecting only credit reporters – start on 1 April 2005 (free access, internal complaints processes)
– So if you're not a credit reporter, you can relax, you've got plenty of time in hand …

Origins of code, international context
Timeline
– 1991 Privacy of Information Bill, provision made for codes
– 1993 Privacy Act
– 1996 industry proposals, initial work, hiatus
– 2000 work restarted, industry discussions etc
– July 2003 proposed code publicly notified
Cont'd…

Timeline cont'd
– December 2004 code issued

International context
– Specific credit reporting regulation is quite usual
– Sometimes stand-alone with a consumer protection focus (e.g. USA), sometimes as part of a general privacy regime (e.g. Aust, HK)
– Objectives include granting rights, controlling behaviour, standardising compliance practices but also legitimising credit reporting which may otherwise be difficult to reconcile with, say, privacy law, banking confidentiality, defamation law

USA Example
– Fair Credit Reporting Act 1974
– Updated by Fair and Accurate Credit Transactions Act 2003

Hong Kong Example
– Code of Practice on Consumer Credit Data (issued 1998, revised 2003) adopted under Personal Data (Privacy) Ordinance 1996

Australian Example
– Part 3A of Privacy Act 1988 (enacted 1990) supplemented by Credit Reporting Code of Conduct 1996
– Relevance: ANZCER, 2 main consumer credit reporters having trans-Tasman presence, similar Privacy Acts
– A significant influence in development of code, observed benefits but also complexity and some rigidity

Australia/US/HK
Code draws on Australia, US and HK models:
– generally similar to key Australian approaches (e.g. negative reporting) and some specifics (e.g. serious credit infringement) but with notable differences in particular areas (e.g. broader access) and less complex and prescriptive
– US-style statement of consumer rights, disclosure statements on websites
– HK audit requirements

Changes to code following submissions
– Notified code – July 2003
– …submission and consideration period…
– Issued code – December 2004
Note: paper available outlining changes

Changes continued
– Scope (move away from direct applicability to credit providers)
– Permitted classes of subscribers expanded (from credit providers only to include e.g. prospective landlords, prospective employers in some circumstances)
– Commencement date
– Dropping requirement to suppress during correction checks, substituting flagging requirement

Some features of the code
Notes:
– bear in mind the code's definitions and the definitions in the Privacy Act: e.g. personal information; s.7 savings
– papers available on website
Many of the code's requirements focus upon:
  – Accuracy
  – Transparency
  – Control

Features cont'd
Free access from credit reporter (clause 7)
– Starts 1 April 2005
– Reasonable charge can be made where expedited access is requested (within 5 working days)
– Modeled upon Australian law
– Removes barrier to access, can promote routine checking for accuracy before problems arise (subject as first auditor)

Features cont'd
Internal complaints processes (clause 8)
– Credit reporters required, from 1 April 2005, to have internal complaints processes that meet certain standards
– Enhance dispute resolution practices, low level, quick
– Any complaints escalated to external process (OPC) should at outset have issues identified, investigated and documented

Features cont'd
– All other aspects of code commence a year later on 1 April 2006

A selection of features of note
– Title change reflects narrower application
– Review after 1 April 2008
– Subscriber: limited types, subscriber agreement, obligations
– Summary of rights: modeled after FCRA and FTC approach

A selection of features of note cont'd
Limited information to be reported
– Largely the Australian (+ existing NZ) negative reporting model
– I.e. ID + public record + adverse information
– However, also allows some non-negative data e.g. previous enquiries, amount of credit sought

A selection of features of note cont'd
Controlled access
– Most access needs a subscriber agreement and authorisation of the subject

A selection of features of note cont'd
Disclosure without subscriber agreement or individual authorisation:
– To individual concerned
– Statutory demands (s.7)

A selection of features of note cont'd
Access with subscriber agreement but without specific individual authorisation:
– Debt collection
– Law enforcement, including tax
– Suspected insurance fraud

A selection of features of note cont'd
Access with subscriber agreement and individual authorisation:
– Credit application
– Prospective landlord*/prospective tenant
– Prospective employer*/prospective employee for pre-employment check for position involving significant financial risk
– Prospective insurer* for underwriting credit transaction
* defined terms

A selection of features of note cont'd
Access and correction rights (rules 6 and 7)
– Free access
– Details to be flagged as disputed while correction request being actioned

A selection of features of note cont'd
Audit requirements (rules 5 and 8, Schedule 3)
– Credit reporter to implement a programme of compliance checks internally and with subscribers accessing database focusing upon:
  – Safeguarding against unauthorised access or misuse
  – Accuracy of information
– Will involve subscribers

A selection of features of note cont'd
Comparison controls
– Standard imposed requiring measures to be taken to minimise mis-matching

A selection of features of note cont'd
Retention
– A default list of retention periods that are deemed compliant: generally 5/7 years
– Departure permitted but must be justified in event of complaint
– Credit reporters to display retention periods on their website

The future
– OPC intends that the code bring benefits in relation to accuracy, transparency and compliance
– Benefits can flow to subscribers as well as individuals
– Intended to publish a version of code with some commentary later in year
– Code is law, but much easier to change than statute, feedback welcomed and a formal review will follow

Office of the Privacy Commissioner PO Box 466 Auckland Website: Enquiries: Auckland or