The Privacy Act 1988 introduced sweeping legislative protection for consumer’s and individuals’ personal information. The Act has ten National Privacy Principles (NPP) which apply to parts of the private sector.
The Act imposes significant obligations in relation to the collection, storage, accuracy, use, disclosure, access, retention and security of personal information in conventional, electronic and digital environments. ‘Personal
information’ encompasses any information that would enable an individual to be identified.
What we must do to protect your privacy:
1) Ensure we are fully conversant with our obligations under the NPP.
2) Ensure that our staff and sub-contractors are fully aware of our obligations under the NPP.
3) Ensure that only authorised persons have access to personal information held by us in our systems and files.
4) Ensure that we use the Consent to Disclose Information form on each and every occasion when dealing with applicants.
5) Ensure that we are storing the Consent Form safely and securely for a period of 7 years.
6) Ensure we have all the latest application forms with NPP consent clauses.
7) Only store information with consent of the individual and ensure that such consent is always held and readily available.
8) Regularly review our privacy compliance.
9) Regularly change access codes to systems and other areas where personal information is stored.
10) React quickly, effectively and courteously to all complaints on privacy and complete the Complaints Handling form if a complaint is made.
11) Review who has access to personal information stored in our systems and premises.
12) Review all marketing and promotional campaigns to ensure full compliance with the NPP.
13) Have procedures in place permitting individuals access to their personal information should they request access.
14) Dispose of personal information in a secured manner.
15) Review any newsletters or mass correspondence to ensure compliance with NPP.
16) Continue to educate staff on NPP principles.
To protect your privacy, we must NOT:
1) Lodge an application to a lender or credit assessor without a completed and signed lender Privacy statement form.
2) Collect personal information unless specifically used for the primary purpose of a loan approval.
3) Pass personal information onto third parties without the consumer’s consent.
4) Store personal information based on personal opinions without consent.
5) Deal with third parties involved with information transfer unless you have evidenced their compliance to NPP.
6) Store or dispose of personal information that may allow unauthorised access.
7) Collect any personal information on an individual with reference to the following:
• Racial or ethnic origin
• Political opinions
• Membership of a political association
• Religious beliefs or affiliations
• Membership of a professional or trade association
• Membership of a trade union
• Sexual preferences or practices
• Criminal record
• Health information
How we Secure your Information:
We have an obligation to ensure the integrity of our information systems. Part of this involves an annual review of your systems against a number of parameters set out in ASIC Regulatory Guide 205.
As a large part of our information platform may involve our aggregator Connective’s system, Mercury, and have been assisted in our compliance efforts by being provided with the following certification as to Mercury’s own system’s integrity.
Connective have performed our own system review and determined that:
1. Connective’s information security practices remain consistent with world-class good practices;
2. Their systems remain current and relevant to the finance broking context;
3. Their disaster recovery and business continuity practices have recently been upgraded to the new Australian Standard AS/NZS5050:2010;
4. Hardware continues to be upgraded to support the numbers of users on the system;
5. Such reviews and upgrades include a consideration of system response times and outage history;
6. Also considered is the relevance of system-related complaints received through their help desk.
Do you have any concerns?
You are always welcome to speak directly to our privacy officer and she will do her best to resolve your issue. If investigation is required we will keep you advised of progress. If we are unable to resolve the matter, it will be escalated as appropriate to facilitate resolution.
Our Privacy Officer is