About Experian > About the information we hold

[pford]

just got the wifes credit report found a default on it now setled, sent them an email asking why it still there found this little bit on there web site

 

 

Can I prevent Experian from holding information about me?

 

No. In fact, we have a legal right to hold information about people. Credit reference agencies (Experian, Equifax, and Callcredit) help lenders quickly process credit applications. If we did not hold such information then it would be much harder for you to obtain credit. A good credit record makes it easier for you to get credit.

 

what legal right their having a laugh will wait for there reply

[hondamad21]

hi pford

 

I would be careful, as remember the do have the right to hold CIFAS (Fraud Prevention Service) and GAIN (Gone Away Information Network)

But good luck !!!

Hondamad

[Glenn UK]

Im not so sure thats not true, the legal right to hold information that is.

 

in truth I am not certain the DPA prevents people from using data in accordance with an agreement and if you have an account with the bank or cc company the data relates to, then they have the right to inform the CRA since its in the T&C you signed.

 

However, once they have that data i believe from the threads on here that they dont necessarily have the right to process that data especially if you withdraw that right from them formally.

 

Additionally if you dont have an account with the relevant bank then they cannot supply the CRA with data either since the data is supplied to the CRA under the T&C as part of a contract.

 

So it may be a weasily way with words to imply that they can do what they want without actually telling a lie.

 

Not that it makes much of a difference to us i guess.

 

JMHO

 

Glenn

[pford]

hi pford

 

I would be careful, as remember the do have the right to hold CIFAS (Fraud Prevention Service) and GAIN (Gone Away Information Network)

 

But good luck !!!

 

Hondamad

 

Who said anything about this was on about their Legal right to hold data on you for defaults?

[pford]

had a reply no luck yet will press on

 

Thank you for your email, which we received on 18 August 2006.

 

I note your comments and I can confirm that we keep defaulted accounts on your report for six years from the date of default. This is true whether or not the debt has been fully repaid.

 

Kind regards

 

 

 

Miss Jade E Martyn

Consumer Services Officer

CreditExpert

 

 

Response was this

On what grounds are you allowed keeping this information on my file for six

years as the contract has been settled?

[pford]

had a reply to my last email

 

 

Thank you for your email, which we received on 24 August 2006.

 

I note your comments and I would advise that this time period has is considered a reasonable amount of time by the Information Commissioner who regulates credit reference agencies such as ourselves. For further clarification you may which to contact the Information Commissioner at the below address:

 

The Information Commissioner: Wycliffe House, Water Lane, Wilmslow, SK9 5AF

 

Kind regards

 

 

 

Miss Jade E Martyn

Consumer Services Officer

CreditExpert

 

 

 

so i sent them this

 

Then can you please explain under which section of the Data Protection Act

there are grounds for you to hold this data for 6 years

 

 

[Tinkerbelle]

LOL.. Can't wait to see their reply to that.

 

I'd like to see them quote chapter and verse!

[pford]

ye me also will post it here when they do reply

[pford]

what a load of s*** got a reply to my request

 

 

Thank you for your email, which we received on 28 August 2006.

 

I note your comments and would advise that The Data Protection Act 1998 consists of eight principals. The fifth principal states:

 

"Data must not be kept for longer than necessary".

 

As per my previous correspondence, the Information Commissioner has decided that the period of six years is a necessary amount of time to hold this type of information.

 

Please do not hesitate to contact us should require any further assistance, alternatively should you have any further questions with regards to the length of time this information is held, you should contact the Information Commissioner using the contact details that I provided to you in my previous e-mail.

 

Kind regards

 

 

 

Miss Jade E Martyn

Consumer Services Officer

CreditExpert

 

Sent them this in reply

Took a few quote's out of surlybounds letter

 

After further investigation into this matter it has led me to conclude that the only six-year data ‘retention rule’, to which you may adhere to, is in relation to information in the public domain, e.g. Bankruptcy Orders/Discharges, IVAs, CCJs, etc. These are kept in the public domain for six years. But, these are sealed orders issued by a judge through the Courts who oversee the ultimate jurisdiction in all matters relating to Law, be it the criminal code or the Common Law. It is not up to Credit Reference Agencies, or lenders, to decide legal issues.

 

In addition, the agencies may also hold information that is deemed ‘in the public interest’ for the avoidance of credit fraud or deliberate repayment avoidance; I refer, of course, to CIFAS and GAIN entries on a credit file. My former account was not subject to any such marker, nor is my former civil contract with the HFC a public matter.

In my case, HFC is still processing data after the cancellation of the contract, whether or not this is a simple renewal process of the default flag, daily or by other timing factor. As that contract is no longer in situ, then my written permission has also ceased from the date of cancellation.

 

This is confirmed in Principle 2 of the Data Protection Act, which states:

"2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes."

 

I emphasise the term "specified and lawful purposes" as in ‘those specified within the contract’, and no more. I also emphasise the term "shall not be further processed".

[Tinkerbelle]

What a load of crap

 

I'd like to see that evidence where the Information Commissioner says Adverse Info MUST be kept for 6 years.

 

Yes, the quote you have supplied from SB's letter is the best one to use. Also rememebr that SB said they will kick up a fuss and claim that they can't remove the information, but so long as you keep badgering them they will eventually do it.

 

You may have to issue Court Papers to get them to comply, but hopefully after several rounds of letters from you they will just give up the will to live and remove the wretched thing.

 

At the end of the day it is not written down in law to say they can keep this - and I would love to see them prove otherwise in court. These people seem to think that Acts have been passed in Parliament for their benefit only..

[pford]

have a look at my post here Credit Explained this is where they think they got the right to hold this information for 6 years.

[pford]

they have to be having a laugh reply to my last email to them

 

Thank you for your email, which we received on 29 August 2006.

 

I note your comments and I would reiterate that the Information Commissioner regulates lenders and Credit Reference Agencies. The Information Commissioner has decided that it is necessary to hold credit account information for a period of six years therefore, should you dispute this time period, you should contact the Information Commissioner with your comments.

 

Kind regards

 

 

 

Miss Jade E Martyn

Consumer Services Officer

CreditExpert

 

[Tinkerbelle]

So they've practically admitted that they don't have a leg to stand on and are passing the buck.

 

What they are doing is not bound by law, so they are pretty dumb to think they can just pass the buck to the Information Commissioner and get away with it!!

 

The Information Commissioner has set a recommendation - bugger all else

 

I hope you have your £150 ready because it's looking like court time

[pford]

will wait and see what happens with the nottice i served on HFC in this thread not sure if i should forward the nottice to them

[Tinkerbelle]

ok cool... watching with interest

[pford]

now shall i send them this

 

Thank you for your comments on this matter so what you are telling me is that you do not have to abide by the Data Protection Act 1998 and it is the Information Commissioner who has made this decision. May I draw your attention to Section 10 & 12 of the Act, my written permission with HFC was terminated when the account was settled. Please note HFC have been served a Notice under these sections of the Data Protection Act 1998. For your convenience I have reproduced this section in full

 

10. - (1) Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons-

 

(a) the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and

 

(b) that damage or distress is or would be unwarranted.

 

(2) Subsection (1) does not apply-

 

(a) in a case where any of the conditions in paragraphs 1 to 4 of Schedule 2 is met, or

 

(b) in such other cases as may be prescribed by the Secretary of State by order.

 

 

3) The data controller must within twenty-one days of receiving a notice under subsection (1) ("the data subject notice") give the individual who gave it a written notice-

 

(a) stating that he has complied or intends to comply with the data subject notice, or

 

(b) stating his reasons for regarding the data subject notice as to any extent unjustified and the extent (if any) to which he has complied or intends to comply with it.

 

(4) If a court is satisfied, on the application of any person who has given a notice under subsection (1) which appears to the court to be justified (or to be justified to any extent), that the data controller in question has failed to comply with the notice, the court may order him to take such steps for complying with the notice (or for complying with it to that extent) as the court thinks fit.

 

5) The failure by a data subject to exercise the right conferred by subsection (1) or section 11(1) does not affect any other right conferred on him by this Part.

 

 

12. - (1) An individual is entitled at any time, by notice in writing to any data controller, to require the data controller to ensure that no decision taken by or on behalf of the data controller which significantly affects that individual is based solely on the processing by automatic means of personal data in respect of which that individual is the data subject for the purpose of evaluating matters relating to him such as, for example, his performance at work, his creditworthiness, his reliability or his conduct.

 

(2) Where, in a case where no notice under subsection (1) has effect, a decision which significantly affects an individual is based solely on such processing as is mentioned in subsection (1)-

 

(a) the data controller must as soon as reasonably practicable notify the individual that the decision was taken on that basis, and

 

(b) the individual is entitled, within twenty-one days of receiving that notification from the data controller, by notice in writing to require the data controller to reconsider the decision or to take a new decision otherwise than on that basis.

 

(3) The data controller must, within twenty-one days of receiving a notice under subsection (2)(b) ("the data subject notice") give the individual a written notice specifying the steps that he intends to take to comply with the data subject notice.

 

(4) A notice under subsection (1) does not have effect in relation to an exempt decision; and nothing in subsection (2) applies to an exempt decision.

 

(5) In subsection (4) "exempt decision" means any decision-

 

(a) in respect of which the condition in subsection (6) and the condition in subsection (7) are met, or

 

(b) which is made in such other circumstances as may be prescribed by the Secretary of State by order.

 

(6) The condition in this subsection is that the decision-

 

(a) is taken in the course of steps taken-

 

(i) for the purpose of considering whether to enter into a contract with the data subject,

 

(ii) with a view to entering into such a contract, or

 

(iii) in the course of performing such a contract, or

 

(b) is authorised or required by or under any enactment

 

7) The condition in this subsection is that either-

 

(a) the effect of the decision is to grant a request of the data subject, or

 

(b) steps have been taken to safeguard the legitimate interests of the data subject (for example, by allowing him to make representations).

 

(8 If a court is satisfied on the application of a data subject that a person taking a decision in respect of him ("the responsible person") has failed to comply with subsection (1) or (2)(b), the court may order the responsible person to reconsider the decision, or to take a new decision which is not based solely on such processing as is mentioned in subsection (1).

 

(9) An order under subsection (8 shall not affect the rights of any person other than the data subject and the responsible person.

 

SCHEDULE 2

 

 

CONDITIONS RELEVANT FOR PURPOSES OF THE FIRST PRINCIPLE: PROCESSING OF ANY PERSONAL DATA

 

• The data subject has given his consent to the processing.

• The processing is necessary-

(a) for the performance of a contract to which the data subject is a party, or

 

(b) for the taking of steps at the request of the data subject with a view to entering into a contract.

 

• The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.

• The processing is necessary in order to protect the vital interests of the data subject

[un1boy]

Hi there, I am a bit confused - have you sent the s10/12 request to HFC or to a Debt Collector? Is it with a Dent Collector?

 

Oh, and which email addresses are you using?

[pford]

was just trying to get some info out of the CCA on this thread just to try and see if they would admit anything sent the s10 & 12 nottice to HFC thats in another thread here about gettting my default removed by them.

[pford]

just emailed the cca with this lets see what answer they come up with this time.

 

 

Thank you for your time on this after further investigation into theData Protection Act (1998) Legal Guidance by the Information Commissioner

I have reproduced this section in full and can find no mention where it says you are allowed to keep this information for six years regarding the fifth principle of the act. As my former contract has now been settled With HFC.

3.5 Fifth Principle

 

“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes”.

To comply with this Principle, data controllers will need to review their personal data regularly and to delete the information which is no longer required for their purposes.

Statutes may make specific provision relating to the retention of certain categories of data, for example, the Police and Criminal Evidence Act 1984. Recommendations with regard to the retention of certain information can be found in the CCTV Code of Practice published by the Commissioner which contains guidance on the retention periods of recorded material.

If personal data have been recorded because of a relationship between the data controller and the data subject, the need to keep the information should be considered when the relationship ceases to exist. For example, the data subject may be an employee who has left the employment of the data controller. The end of the relationship will not necessarily cause the data controller to delete all the personal data. It may well be necessary to keep some of the information so that the data controller will be able to confirm details of the data subject ‘s employment for, say, the provision of references in the future or to enable the employer to provide the relevant information in respect of the data subject’s pension arrangements. It may well be necessary in some cases to retain certain information to enable the data controller to defend legal claims, which may be made in the future. Unless there is some other reason for keeping them, the personal data should be deleted when the possibility of a claim arising no longer exists i.e when the relevant statutory time limit has expired.

The data controller may wish to consider the value of records for historical purposes. The Act provides that personal data processed only for historical, statistical or research purposes in compliance with the conditions set out in section 33, may be kept indefinitely. (Section 33(3)).

[JonCris]

They will claim the 6 years is industry practice but then so was bank charges

[pford]

think they are fed up with me now not even acknowledged my last email.

 

so loged into creditreport and sent them this with a few bits from one of SB posts

 

 

As you have refused to answer my emails on this subject.

I have done as you have advised, and this afternoon spoke to the credit services expert at the Information Commissioners Office, who agreed with me that you only have lawful right IF I have signed a contract. He also agreed that a contract expiry might bring into jeopardy your alleged right, as a secondary controller, to continue processing that data.

 

He also agreed that it might not be considered correct to maintain this data (unless I had specifically given permission) as it was not in the public interest, and was also personal and confidential information.

Also this information for your attention relating to the Fifth Principle of the Data Protection Act (1998) Legal Guidance by the Information Commissioner I have reproduced this section in full

3.5 Fifth Principle

 

“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes”.

To comply with this Principle, data controllers will need to review their personal data regularly and to delete the information which is no longer required for their purposes.

Statutes may make specific provision relating to the retention of certain categories of data, for example, the Police and Criminal Evidence Act 1984. Recommendations with regard to the retention of certain information can be found in the CCTV Code of Practice published by the Commissioner which contains guidance on the retention periods of recorded material.

If personal data have been recorded because of a relationship between the data controller and the data subject, the need to keep the information should be considered when the relationship ceases to exist. For example, the data subject may be an employee who has left the employment of the data controller. The end of the relationship will not necessarily cause the data controller to delete all the personal data. It may well be necessary to keep some of the information so that the data controller will be able to confirm details of the data subject ‘s employment for, say, the provision of references in the future or to enable the employer to provide the relevant information in respect of the data subject’s pension arrangements. It may well be necessary in some cases to retain certain information to enable the data controller to defend legal claims, which may be made in the future. Unless there is some other reason for keeping them, the personal data should be deleted when the possibility of a claim arising no longer exists i.e when the relevant statutory time limit has expired.

The data controller may wish to consider the value of records for historical purposes. The Act provides that personal data processed only for historical, statistical or research purposes in compliance with the conditions set out in section 33, may be kept indefinitely. (Section 33(3)).

[pford]

well had a reply to last email to them do they know what they are doing LOL

 

Thank you for your email, which we received on 04 September 2006.

 

I note your comments, but would advise that it has been agreed with the Information Commissioner's Office that six years is a reasonable time for that data to be retained on your credit report.

 

However, in view of your recent communication with the Information Commissioners' Office, we will be happy to liaise with them accordingly for you.

 

Kind regards

 

 

 

Mr Barry R Clarke

Consumer Services Officer

CreditExpert

[un1boy]

lol, and your reply will be?....

[pford]

thinking about this might be a quote out of one of SB posts if he dosn't mind

[un1boy]

I was thinking the same - good old SurlyBonds, he has single-handedly (with the help of some others) helped us realise our rights and start to make the CRA's come crashing down, lol.

 

I'm sure he won't mind if you use one of his replies. Just post it here so we can keep track of it!!

 

Good luck.