Recognition as an EDR scheme by the OAIC

Since 12 March 2014, CIO has been recognised by the Office of the Australian Information Commissioner (OAIC) as an external dispute resolution (EDR) scheme for the purpose of handling privacy and credit reporting complaints under the Privacy Act 1988.

CIO members

Financial services providers (FSPs) who are already members of CIO will not need to join any other EDR scheme in order to continue to disclose credit information to a credit reporting body or to access such information.

Other credit providers

Under the Privacy Act 1988, from 12 March 2014, credit providers are required to be a member of an EDR scheme recognised by the OAIC before they are permitted to disclose credit information about an individual to a credit reporting body and thereby participate in the consumer credit reporting system.

The definition of  ‘credit provider’ under the Act is broad and includes an organisation or small business (the supplier) that carries on a business in the course of which the supplier defers payment for goods or services for at least 7 days. 

Credit providers may apply to be a member of CIO to satisfy this requirement.

The obligation to be a member of a  recognised EDR Scheme does not apply where the disclosure is made in connection with the provision of commercial credit.  

CIO also accepts membership applications from commercial credit providers because:

  1. some commercial credit providers may wish to join an EDR scheme despite having the benefit of the exemption, and
  2. certain commercial credit providers are not covered by the exemption; namely, trade creditors that also offer consumer credit to individuals by, for example, deferring payment for 7 days or more.