Destruction of credit reporting information in cases of fraud
(1) This section applies if:
(a) a credit reporting body holds credit reporting information about an individual; and
(b) the information relates to consumer credit that has been provided by a credit provider to the individual, or a person purporting to be the individual; and
(c) the body is satisfied that:
(i) the individual has been a victim of fraud (including identity fraud); and
(ii) the consumer credit was provided as a result of that fraud.
Destruction of credit reporting information
(2) The credit reporting body must:
(a) destroy the credit reporting information; and
(b) within a reasonable period after the information is destroyed:
(i) give the individual a written notice that states that the information has been destroyed and sets out the effect of subsection (4); and
(ii) give the credit provider a written notice that states that the information has been destroyed.
Civil penalty: 1,000 penalty units.
(3) Subsection (2) does not apply if the credit reporting body is required by or under an Australian law, or a court/tribunal order, to retain the credit reporting information.
Notification of destruction to third parties
(a) a credit reporting body destroys credit reporting information about an individual under subsection (2); and
(b) the body has previously disclosed the information to one or more recipients under Subdivision D of this Division;
the body must, within a reasonable period after the destruction, notify those recipients of the destruction and the matters referred to in paragraph (1)(c).
Civil penalty: 500 penalty units.
(5) Subsection (4) does not apply if the credit reporting body is required by or under an Australian law, or a court/tribunal order, not to give the notification.