This is a continuation of the two-part series on the topic to conclude it.
Before disclosing personal information about a debtor to a recipient overseas, the collector must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (Australian Privacy Principles) in relation to that information. Caution should be exercised when leaving messages for the debtor that may be seen or accessed by external parties, for example:
Business cards or other documentation should not be left for the debtor in any open manner that would allow a third party to infer the nature of your reasons for contacting the debtor. Voicemail messages should be phrased so as to avoid a third party inferring the nature of your interest in contacting them, and at no stage should contact be made by a debtor’s social media account that would compromise the debtor’s privacy.
What you should do with the debtor’s personal information
It is imperative that you remember to;
Take reasonable steps to ensure that the personal information being collected is accurate, relevant, complete and up-to-date. Before using or disclosing the personal information, having regard to the purpose of doing that, take reasonable steps to ensure the information fulfils those conditions.
If personal information is kept for any time, ensure it is secure against misuse, tampering or loss by you and any other people.
If the information is no longer needed for any purpose or required by law or a court to be retained, take reasonable steps to destroy it or permanently de-identify the record.
The debtor has a right to access and correct the personal information collected and certain procedures must be followed to provide for that.
Rights of third parties
Collectors also have privacy obligations to third parties who they collect personal information from. Under APP 3, the personal information of third parties may only be collected if this is reasonably necessary for one or more functions or activities of the collector. Third parties must also be involved if their personal information is collected.
Obligations regarding consumer credit reports
Part IIIA of the Privacy Act regulates the handling of personal information contained in consumer credit reports. Providers of credit should be wary of what information from a credit report is made available to you to recover a debt and ensure that defaults are only listed if the information is correct.