(1) A person may —
(a) request from a credit bureau a credit report or any value added product in respect of a data subject; or
(b) inquire from a credit bureau credit information in respect of a data subject.
(2) Subject to subsection (3) and in accordance with the Regulations, every credit report in respect of a data subject issued by a credit bureau shall contain information that —
(a) is processed from credit information furnished by the appropriate credit information providers in accordance with this Act; and
(b) is valid, up-to-date, fit-for the purpose, accurate and relevant.
(3) A credit bureau shall not include, in a credit report —
(a) information relating to any judgment against a data subject in relation to a judgment creditor unless mention is made of —
(i) the amount of the judgment;
(ii) the age of the judgment; and
(iii) the name and, if available, the address of the judgment creditor or the agent of the judgment creditor at the date of entry of the judgment;
(b) information regarding the race, religion, creed, colour, medical information, ancestry, ethnic origin or political affiliation of a data subject or any other sensitive or personal information of a data subject; or
(c) information retained in contravention of section 25.
(4) A credit bureau shall not —
(a) provide any report that lists all data subjects with good payment history unless there is a permissible purpose regarding such listing; or
(b) omit from any credit report of a data subject any information that can impact the ability of the data subject to access credit.
(5) A credit bureau shall —
(a) adopt all reasonable procedures to ensure that every credit report issued by that credit bureau is accurate, timely and sufficient; and
(b) have rigorous standards of security and reliability regarding the credit report.
(6) A credit bureau commits an offence if the credit bureau fails to comply with subsection (3), (4) or (5) and is liable, on summary conviction, to a fine not less than $10 000 but not exceeding $100 000.