Attention Commercial Credit Providers – Deadline Looms and Uncertainty on EDR

18 February 2015
Practice Group(s):
Consumer Financial
Attention Commercial Credit Providers – Deadline
Looms and Uncertainty on EDR
Australia Consumer Financial Services Alert
By Andrea Beatty and Jim Bulling
Commercial credit providers (CCPs) may be required, by the current Australian privacy
laws, to join an external dispute resolution (EDR) scheme (EDR scheme) by 12 March
2015 if they wish to continue participating in credit reporting.
Significant privacy reforms commenced in March 2014. These reforms required CCPs,
who participate in credit reporting, to be a member of an approved EDR scheme.
Due to practical issues in doing this, a regulation1 was made, suspending the
requirement for CCPs to be members of an approved EDR scheme until 12 March 2015.
That date is now fast approaching.
The definition of ‘credit provider’ under the Privacy Act 1988 (Cth) is broad and includes
an organisation or small business (supplier) that carries on a business in the course of
which the supplier defers payment for goods or services for at least seven days.
Whether the exemption will continue, is being considered by the Attorney General. While
we understand that the Attorney General's Department (AGD) has provided a report to
the Attorney General in relation to this issue, the Attorney General has not yet considered
that report. The AGD has indicated that the matter will be resolved before the 12 March
This uncertainty places CCPs who participate in the credit reporting system in a difficult
timing position.
If the exemption lapses, CCPs, who are not members of an approved EDR scheme, will
not be able to obtain credit reports from, or provide credit information to, credit reporting
bodies until they join an EDR scheme.
Both the Financial Ombudsman Service (FOS) and Credit and Investments Ombudsman
(CIO) (which was formerly known as the Credit Ombudsman Ltd or COSL), are approved
EDR schemes.
CIO is accepting memberships from CCPs. CIO made changes to its rules last year to
deal with this issue. The rules changes, amongst other things, allow some CCPs to
"comply with the new Privacy Act requirements regarding EDR membership without
having their other (non-privacy-related) activities subject to COSL's (now CIO's)
jurisdiction" (see It does not appear that FOS has made a similar rule
change that would also exclude non privacy activities from its jurisdiction.
We recommend that commercial credit providers watch developments in relation to this
issue closely.
Please contact us if you require further clarification on any of the above.
The Privacy Amendment (External Dispute Resolution Scheme – Transitional) Regulation 2014.
Attention Commercial Credit Providers – Deadline Looms and Uncertainty
on EDR
Andrea Beatty
Jim Bulling
Anchorage Austin Beijing Berlin Boston Brisbane Brussels Charleston Charlotte Chicago Dallas Doha Dubai Fort Worth Frankfurt
Harrisburg Hong Kong Houston London Los Angeles Melbourne Miami Milan Moscow Newark New York Orange County Palo Alto
Paris Perth Pittsburgh Portland Raleigh Research Triangle Park San Francisco São Paulo Seattle Seoul Shanghai Singapore
Spokane Sydney Taipei Tokyo Warsaw Washington, D.C. Wilmington
K&L Gates comprises more than 2,000 lawyers globally who practice in fully integrated offices located on five
continents. The firm represents leading multinational corporations, growth and middle-market companies,
capital markets participants and entrepreneurs in every major industry group as well as public sector entities,
educational institutions, philanthropic organizations and individuals. For more information about K&L Gates or
its locations, practices and registrations, visit
This publication is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon
in regard to any particular facts or circumstances without first consulting a lawyer.
© 2015 K&L Gates LLP. All Rights Reserved.