The commissioner's investigation found that up until November last year, Credit Simple was using credit information in its direct market practices, such as emailing consumers with offers based on their credit information.
Since then, and despite changes to its market practice, Credit Simple's marketing remained non-compliant, the investigation found.
It bundled consumer authorisations, contrary to code requirements, by presenting an opt-in option to consumers to receive promotional offers when the consumer authorised the use of credit information to establish a Credit Simple account.
Edwards said he had given Illion and Credit Simple an opportunity to address the issues raised in the report, before he would consider further action.
A spokesman for Illion said based on external legal advice it had understood it was operating in a manner compliant with the code.
"There have been no information breaches and the OPC's [Office of the Privacy Commissioner's] review was not as a result of a customer complaint. We have fully co-operated with the inquiry at all times."
He said the regulator's ruling was very technical in nature, and the result of many month's debate.
"While we are disappointed to have been found to be in contravention of the rules, we value good regulatory relationships and will ensure we comply with the ruling. As a result, unfortunately Credit Simple New Zealand will no longer provide offers to our members."
