Reading time: 5 minutes

Credit reports detail sensitive information. As a result, privacy protection should be a priority for business owners. Details in a credit report can affect your commercial prospects and business access, so a privacy breach involving this information can be extremely detrimental. However, credit reporting agencies can collect, store and use your business’ credit information. Therefore, this article will explain your New Zealand business’ privacy rights in credit reporting.

General Privacy Rights

The Privacy Act is the primary law in New Zealand that governs privacy-related matters. In particular, it protects individuals’ personal information.

Personal information includes any information that can identify an individual. This definition includes:

  • names;
  • email addresses;
  • IP addresses;
  • credit card and other financial details;
  • physical addresses;
  • mobile numbers; and
  • photographs.

In most cases, your business itself will not have privacy rights, but you will have privacy rights as an individual. Indeed, you may run your business in a personal capacity, such as through a sole trader or partnership structure. In that case, you will have specific privacy rights that credit reporting agencies need to observe and protect. These requirements will be similar those that you need to meet as a business dealing with customers’ personal information.

Credit reporting agencies will still need to safeguard confidential information according to the law if you run a company.

Additionally, extra codes on top of the Privacy Act apply to any unique personal information that specific industries may deal with. These industries range from Civil Defence and emergency management, to credit reporting and telecommunications.

Do Credit Reporting Agencies Have Extra Restrictions?

Credit reporting agencies need to comply with the Credit Reporting Privacy Code. These rules impose additional restrictions and duties on credit reporting agencies, specific to the kind of information they deal with. In particular, on top of general personal information, credit reporting agencies deal with a specific kind of personal information. This is known as credit information. Credit information refers to any identifying information relating to credit information and can include:

  • employer information;
  • credit accounts, including credit limits and history;
  • details of defaults;
  • insolvency information;
  • access logs; and
  • credit scores.

Like your business, credit reporting agencies have certain rules they must follow when dealing with this information. This article discusses some of these rules below, but it is by no means an exhaustive list.

When Collecting Information

Agencies can only collect information for a lawful purpose relating to their credit reporting activity. Therefore, they must lawfully collect it directly from the individual concerned, unless there is an applicable exception. In addition, they need to take reasonable steps to ensure you know that they are collecting your information. Finally, they must detail information about their collection methods in a statement on their website.

When Using Information

Before using credit information, credit reporters need to ensure that it is:

  • accurate;
  • up to date;
  • relevant;
  • complete; and
  • not misleading.

This requirement is especially true when they share your credit information. Indeed, credit reports are legally allowed to distribute your credit information to certain parties (usually prospective credit providers).  

For example, a credit reporter will typically need your consent to share your credit information with prospective landlords and employers. However, they will not need your permission to share your information with debt collectors in debt enforcement proceedings.

Finally, you also have information suppression rights if you think you have been the victim of fraud.

When Storing Information

Any credit reporter that keeps or stores information needs to implement reasonable safeguards to protect your credit information against:

  • loss;
  • misuse; or
  • unauthorised use, access, disclosure, or modification.

The Code lays out specific measures for this, including:

  • written policies and procedures for staff;
  • regular monitoring and updates;
  • authentication controls, such as passwords and user credentials; and
  • appropriate staff training around information security.

Additionally, credit reporting agencies cannot keep information for longer than is necessary. In particular, certain kinds of credit information have specific time limits for retention that creditor reporters need to observe. This commonly applies to bankruptcy information.

Your Privacy Rights

Furthermore, you have the right to access any personal information a credit reporter has about you and correct that information. In most cases, they must give you this information and cannot delay doing so unnecessarily. However, some exceptions to this rule mean they do not have to make corrections, as long as they provide reasons for their decision.

Additionally, suppose you think that a credit reporting agency has breached one of the rules of the Code, or the Privacy Act in general. In that case, you can complain to the Privacy Commissioner. The Privacy Commissioner has the power to investigate privacy breaches. However, your best bet is to contact the credit reporter first, as they should have an accessible complaints procedure.

Key Takeaways

If you operate your business personally, then you have privacy rights as an individual that credit reporting agencies will need to observe. If you would like more information or help with your privacy and credit reporting agencies, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is credit reporting?

Credit reporting refers to the collection of information about your credit history, which relates to paying bills and managing debt. Credit reporting agencies, such as Equifax, collect this information.

What is personal information?

Personal information is any information that can identify a living person, whether on its own or in combination with other data. Examples include names, email addresses, and financial details.

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards