The conduct of Building Societies and Credit Unions is governed by their respective Codes of Conduct. The Codes apply where an individual for personal, domestic or household purposes makes a deposit or obtains a loan or other facility. But it doesn't apply to a number of services, including one involving a bill of exchange, an insurance or financial planning product or service and credit without prior agreement.
Codes acknowledge privacy duties under legislation, specifically the
Privacy Act 1988. The Codes also expressly provide for
compliance with the requirements of the Credit Reporting Code of
Conduct issued by the Privacy Commissioner.
The Codes allow for the disclosure of customer or member information to a Related Entity:
as far as it is necessary to enable an assessment of the total liabilities of the customer/member to the Related Entity and the Credit Union or Building Society; and
if a Related Entity of a Building Society or Credit Union provides financial services which are related or ancilliary to those provided by the Building Society or Credit Union, in which case disclosure can be made unless the customer/member instructs the Building Society or Credit Union not to do so. Customers/members must be informed that they have the right to give this instruction. This right to opt out is not limited to disclosure for marketing purposes.
Under the codes:
Information relating to customers/members must not be collected by unlawful means.
Customers/members must be provided on request with information about them which is readily accessible by the Building Society or Credit Union and which may lawfully be provided. However, this is limited to the records of the customer's/member's address, occupation, marital status, age, sex, accounts with the Building Society or Credit Union and balances and statements relating to those accounts. The Building Society or Credit Union may recover reasonable costs for supplying this information.
A customer/member may request that information held by the Building Society or Credit Union be corrected. Such requests must be dealt with within a reasonable time.
A Building Society or Credit Union must not collect or use customer/member information that relates to political, social or religious beliefs or affiliations, race, ethnic origins or national origins, or sexual preferences or practices unless it does so in accordance with the Code for a proper commercial purpose. A Building Society may not disseminate such information in any circumstances. A Credit Union may disseminate such information in accordance with its Code for a proper commercial purpose.
Building Societies and Credit Unions must take all reasonable steps to protect personal information held by them relating to a customer/member against loss, and against access, use, modification or disclosure that is unauthorised. The Credit Union Code requires all Credit Union staff with access to personal information concerning members to maintain confidentiality concerning that information.
In addition, the Credit Union Code acknowledges the general law duty of confidentiality and specifies its four exceptions.