Released every month, our debt collection blog contains news, stories and tips to keep you informed.
It is being reported by the Sydney Morning Herald that electoral roll data of more than 16 million Australians is allegedly being used by buy now, pay later providers, betting agencies, marketing firms and debt collectors to identify individual consumers.
Data allegedly obtained from a data marketing company, Illion, allows companies such as Afterpay to match identities to addresses as it processes customers. The data is allegedly being accessed under recent changes to the Anti-Money Laundering and Counter-Terrorism Financing Act.
Historically, prior to changes to the way the electoral roll was accessed, the roll was being used by debt collectors (among others) for the purpose of making enquiries to locate a debtor or verify that a debtor may be residing at an address prior to commencing further action. Changes to the laws prohibited the search of the electoral roll for this very purpose, specifically stating that information contained in the roll is protected information and that such protected information shall not be used for a commercial purpose.
The Australian Electoral Commission would not comment on whether use of the data by the companies involved was appropriate, with enquiries being directed to Home Affairs.
In accordance with the Act, LCollect do not access electoral roll data for any commercial purpose and only monitor accounts on legally available search facilities complying with the requirements of the Privacy Act 1988 (Cth).
Authorities in China are trialling a new app which will enable users to check on their debt status, according to ABC News.
The app, which is an add-on to the Chinese social media platform WeChat, was rolled out in the Hebei province earlier this year. Nicknamed the "Deadbeat Map", the program allows users to pinpoint the location of those who have failed to pay their debts within a 500 metre radius. Tapping on a person marked on the map reveals personal information about the individual including their name and the reason why they have been placed on the financial blacklist. Other information such as home addresses and identity card numbers is also partially shown.
The launch of the app has not been without criticism, with many raising privacy concerns over the app. A representative of the Hebei Higher People's Court said in a statement, "The development and application of the map can further realise the connection and sharing of information on debtors and create a social honesty framework that limits those who lose their credibility in many ways." In response Delia Lin, a senior lecturer in Chinese studies at the University of Melbourne, said, "This is dangerous — it encourages people to take the law into their own hands. The people who cannot pay their debt because they are too poor, then who will be subject to this kind of surveillance and this kind of public shaming. Basically, society becomes a virtual prison — instead of going to jail, those people's personal lives, and even their children's personal lives, are being affected."
China has been developing a social credit score system since 2011 with the aim of separating the "trustworthy" from the "disobedient", with behaviour ratings then used to determine access to services ranging from transport to loans. Since its launch more than 18 million people have been banned from flying and 5.5 million prevented from buying rail tickets as a result of their debts.
Cash Converters has again found itself in the spotlight for all the wrong reasons, with ASIC finding that the company failed to meet regulatory guidelines and breached the ASIC and ACCC Debt Collection Guidelines.
An ASIC investigation found that the pay day lender routinely breached the frequency of contact guidelines of 3 times per week or less than 10 times a month:
5. Frequency of Contact
(c) Unnecessary or unduly frequent contacts may amount to undue harassment of a debtor. We recommend that you do not contact a debtor more than three times per week, or 10 times per month at most (when contact is actually made, as distinct from attempted contact) and only when it is necessary to do so. This recommendation does not apply to face-to-face contact which is specifically addressed below.
The investigation also uncovered that a related company, Safrock Finance Corporation (QLD), had provided incorrect information to a credit reporting agency. The error resulted in 38,500 customers being reported with an inaccurate amount owing over a 1 month period. According to ASIC the financier has since worked with Equifax to ensure all incorrect credit listings have been removed.
ASIC has since imposed licence conditions on Cash Converters which include outsourcing all of their debt recovery to a 3rd party collection agency and seeking consent from ASIC prior to bringing these activities back in-house.
In retribution this time around, Cash Converters has paid $650,000 in community benefits payments to the National Debt Helpline for breaching the Guidelines.
Peter Kell, ASIC Deputy chair, said in a statement to the media, "Consumers expect to be treated fairly and in a manner that complies with consumer protection laws. ASIC expects all financial service providers to have appropriate systems and controls in place to ensure that debt collection practices are consistent with the guidelines. It is also critical that licensees ensure that credit information provided to credit bureaus is accurate."
This is not the first time that Cash Converters has been investigated by ASIC. You may recall from our May 2017 blog post that Cash Converters were fined and paid $1.35 million in penalties for breaching responsible lending conduct provisions and refunded consumers $10.8 million in fees through a consumer remediation program.
You can download a copy of the ASIC and ACCC Debt Collection Guidelines from their website.
Source: TheAdvisor - May 2018
With the new cyber data breach notifications having come into effect from 22 February, a study by Xpotentia shows that up to 124,000 businesses over the $3 million threshold are not ready for the new rules.
Businesses with an annual turnover of more than $3 million that trade in personal information must notify affected individuals of any data breach that is likely to result in "serious harm". The business must also inform the Office of the Australian Information Commissioner ("OAIC"). A failure to comply may incur penalties of up to $420,000 for an individual and $2.1 million for companies, which has triggered warnings that a failure to notify the OAIC could result in some businesses being made bankrupt.
The Xpotentia study noted a significant number of data breaches over the years with a survey in 2017 by Telstra showing 59% of Australian companies had detected a data security breach on a monthly basis. The study also showed that 1 in 4 Australians were targeted by hackers last year with almost 50,000 Australians and 5,000 public servants from the Department of Finance, the AEC and NDIS all having data exposed after a security breach by a private contractor.
Xpotentia Managing Director, Sorina Toma said of many small businesses, "They might actually have their entire customer data base on a simple PC. You are talking about businesses that employ 10 to 12 people and they have a few computers and they are totally exposed. A lot of the time, a small business might not know a breach has happened". Mr Toma recommended that many small businesses look at securing their data with additional software and hardware such as firewalls and encouraged business owners to invest in a chief information security officer to identify threats and vulnerabilities.
Cyber Security Minister, Angus Taylor, said, "Not knowing how to protect client or customer data is becoming a poor excuse. There is a lot of information now available on cyber security. The onus is with business operators, with organisations and with government agencies, to put measures in place to reduce the risk of data breaches."
Learn more about the changes, preparation and response at Data Breach Preparation and Response - A Guide to Managing Data Breaches in Accordance with the Privacy Act 1988.
Source: The Australian - February 2018
The Credit & Investments Ombudsman ("CIO") has this month released a new fact sheet, "Credit Reporting: Enquiries".
The fact sheet covers:
The Office of the Australian Information Commissioner ("OAIC") has recently published new draft resources for the Notifiable Data Breaches ("NDB") scheme which commences on 22 February 2018.
The resources include:
It has now been 3 years since we covered the process involved in recording a payment default with a Credit Reporting Body ("CRB") such as Equifax.
While the process has not changed, we believe that now is an ideal time for a refresher for those that may not be familiar with the process.
Assuming that a clause exists in your Contract or Agreement to record a payment default with a CRB, any debt regulated by the National Consumer Credit Protection Act 2009 (Cth) must be issued with a series of code compliant Notices before a payment default can be recorded.
SECTION 88 DEFAULT NOTICE & FORM 12A
What Is It?
The s88 Default Notice advises the customer that their account is in arrears, the amount currently in arrears and the time in which they have to remedy the default. The Form 12A which is attached to the s88 Default Notice provides the customer with information about their rights including information about financial hardship and the dispute resolution options available.
When It Must Be Given
The s88 Default Notice must be issued 30 days prior to commencing enforcement action. This includes listing default information with a CRB. The CR Code recommends that an additional 5 days be added (35 days in total) for postage.
Can It Be Combined?
The s88 Default Notice can be combined with a s6Q Notice; however, it cannot be combined with a s21D Notice.
SECTION 6Q NOTICE (PRIVACY ACT)
What Is It?
The s6Q Notice informs the customer of the overdue payment amount and requests payment of that amount. This Notice indicates to the customer that the amount can be reported to a CRB once that amount is 60 days overdue.
When It Must Be Given
The s6Q Notice must be given prior to disclosing default information to a CRB.
Can It Be Combined?
The s6Q Notice can be combined with the s88 Default Notice; however, it cannot be combined with a s21D Notice.
SECTION 21D NOTICE (PRIVACY ACT)
What Is It?
The s21D Notice advises the customer that the credit provider intends to disclose default information to a CRB.
When It Must Be Given
The s21D Notice must be given at least 14 days prior to disclosing information to a CRB and not more than 3 months prior to disclosure.
Can It Be Combined?
The s21D Notice cannot be combined with a s88 Default Notice or s6Q Notice.
Earlier this month we received an enquiry where a Judgment had not been removed from a credit file. As the process hasn't changed for some time we thought that we would investigate this further.
Historically if a Notice of Discontinuance was filed, Veda Advantage would remove the adverse Judgment from the credit file once notification from the Court was received.
With the introduction of Comprehensive Credit Reporting we believe that Veda Advantage found this to be inappropriate as this avenue could potentially allow a previously bad debtor to be advanced further credit and significantly improve their risk profile which has the potential to mislead a future credit provider.
Having made enquiries we have confirmed that Veda Advantage have made a recent decision not to remove Default Judgment from a credit file even after the filing of a Notice of Discontinuance or Consent Orders. This will effectively mean that any Default Judgment will remain on a credit file for the mandatory 5 years with no avenue for removal unless a complaint is lodged with the Office of the Australian Information Commissioner and it is proven that the Default Judgment was listed in error.
We will continue to monitor this situation as time goes on to ascertain if Veda Advantage change their stance.
The South Australian State Government currently has a public listing of names supplying details of debtors that have unpaid fines.
The listing, launched in 2014, currently lists 116 individuals and 2 companies that have failed to address their debt and have failed to either make payment in full or make payment arrangements. The list currently totals debts of $3.1 million with the average debt $26,295. Overall over $400 million in unpaid fines and defaults are owing. You can view the list here.
In addition to the "name and shame" file the South Australian State Government has also commenced seizing motor vehicles, vehicle clamping and referring debts to debt recovery companies. To date 4 vehicles have been seized with another sold to partly satisfy a debt.
We are assuming that, after reasonable attempts to collect the debt have been undertaken, the debtor is given advance warning of the debt being recorded on a publicly available database so that every opportunity is afforded to the debtor to avoid what could be seen as public humiliation.
At the time of publishing the Office of the Australian Information Commissioner had not responded to a request for their take on publicly listing fine defaults.