N Hunter (FPA) SAR Results

[never-in-doubt]

I've sent off for a SAR for all 3 CRA's (Credit Ref Agencies) and the 4 FPA's (Fraud Prevention Agencies) and have just received my N Hunter (Part of Experian Data Analytics) SAR which is an absolute joke!

 

As such, i've written them a nice strong letter to investigate further and a copy is shown below. When I get a reply i'll post it here and will also post a blank copy of what they send as part of their SAR - it is very basic and the same format throughout, i.e. a few spaces for phone numbers and addresses and that's about it!

 

Letter is below: If anyone thinks of additional points or knows of any relevant laws I could quote please feel free to post...

 

 

Dear N Hunter,

 

Re: Subject Access Request

 

Further to my recent request for Subject Access data, and your subsequent response dated 30 March 2009; I would like to draw your attention to the queries outlined below and to my original letter; copy attached for reference.

 

It is all good and well providing me information but without a clear explanation as to what the information is, it is like asking a blind man to watch a football match on a broken TV with no sound! In light of this, please supply the information, which should have been sent with your original response, no later than 7 calendar days from receipt of this letter (7+2);

 

• Why would a company search your records? For instance; every time someone applies for a credit related product, does something trigger an N Hunter search similar to that of an Experian Credit Search? If not, how do you get involved? Does a lender actually manually intervene at the referred application (in process) and request an N Hunter search? If so, does this mean that you presume the very first application made by an applicant to be correct – what if the first application made was as a result of I.D theft, this would then make each and every application reject. Also, what if someone changes their mobile number or work department or even banks? This would then show a discrepancy wouldn’t it? Can this please be explained in detail?
  

• If a company searches your records, what specifically, are they looking for? For instance; if I apply for a credit card with Natwest, will Natwest check the N Hunter database and if so, why would they do it but say for example HSBC did not? Would they only search if my application was different to that of a recent HSBC application or am I missing the point?
  

• What do you hold about us & why? For instance; do you hold a master database that looks for discrepancies in data on applications we make or do your systems have master data which you assume is correct (if so how did you get this data?) and then if something is out of sync, this kicks in the N Hunter programme to do a secondary search? I am confused as to why some lenders search your records but others don’t and also interested to know what exactly you do because it just doesn’t add up. I am struggling to grasp what grounds there are for comparison and what makes you think your data is correct in the first place?
  

• Why does the SAR you sent me only contain print outs of searches made by lenders and not the data you actually hold about me on your systems? This as we both know is a severe breach of the Data Protection Act and if you persist in being obstinate I will have no option but to seek legal advice and take this matter through the courts seeking compensation. May I respectfully suggest you start acting in accordance with the governing rules and procedures implied upon yourselves and stop assuming you are dealing with someone who does not understand law, and in particular Data Protection. I want a copy of everything that you hold about me. You cannot be serious if you think I’ll accept a few screen prints showing weird data as all that you hold about me. If this was the case then why do you have this data in the first place? It serves absolutely no purpose? I am assuming that the N Hunter system works as follows, please correct me if I am mistaken; I have never applied for credit in the past. I make an application to HSBC and they decline me for having no credit. I then apply to Natwest and decide to put my other bank account details on there as my bank, also changing my mobile from PAYG to contract and changing departments in my work thus resulting in a move of office with a new phone number. Evidently going on this there will be some major differences to the application I made a week earlier at HSBC. Will this kick in an N Hunter search? If not, what exactly prompts your involvement? As I have never applied for credit in the past except these two applications, at what point would you capture my details or do you already have them, either way how did you get them?
  

• Looking at the documents you sent me, what do they mean and why are there only some for some lenders and not for all applications I’ve made? Why have these lenders in particular searched me and why did they search me? See above point for further clarification as to my question.
  

• I requested a copy of all records held about me and these are to include; Any electronic or manual files, any personal notes and any 3rd party involvement. All you have done is send me a screen print of what looks like lenders that may have searched your records about me. What do you hold about me? Please send this or do as I requested in my formal SAR and confirm in writing that you do not. The data you sent is what other lenders provided, not data that you hold about me; for example, where is my SAR request and copy of cheque? These should have been present within my SAR pack along with everything you hold about me – not just screen prints of what lenders have searched me.
  

• How long do you retain the data on your records? I assume you comply with the same laws set in place for the CRA’s thus am I right to assume that after a period of 12 months all previous searches performed in that period will dissolve? If not, please confirm the exact timescales and your procedures for when someone does change details?
  

• What is the outcome of using your services? For instance; what if a lender searches your files and the data I provided was different to that of which you hold, then what? There must be more to the silly papers you sent me and I want a copy otherwise I will formally demand the ICO deal with this for me.
  

• Why does the data differ on each lenders search? For instance; using Experian/Equifax/Call Credit the data is streamlined so that the same data is present throughout. In the papers you sent me some have different headers, some have fields empty and others have people’s names where my employer should be. Barclays for example has a name of XXXXXXXX – who is this? The information does not add up and makes no sense whatsoever so please send a full breakdown analysis of each piece of data so I can understand it.
  

I look forward to your imminent response, with detailed answers to my points above. If you feel it necessary to call me in the first instance to explain how things work, this may be better and could alleviate a lot of time because a lot of what I have asked is presumptuous due to a total secrecy of operations at your end. I will inform the ICO of your shortcomings in due course and will be seeking mandatory compensation for your lack of response to my legal request for all data held and your libellous data because the information you sent me does not conform with the information I provided to the lender in the first place. A good example here is that I have never applied for anything using the employer address of UNIT 7CENTRE (RBS Cards – ref: XXXXXXXXXXXXXX) – this is because the fields they provide are too short so I add extra in each line. This would not warrant incorrect data – it does however suggest your systems are not up to scratch to deal with varying field submission and predictive text thus rendering almost every application I make as a fraud. This is clearly incorrect and should immediately be stopped.

 

I look forward to your call (XXXXXXXXXXX) or response no later than 9 days (7+2) from receipt of this letter.

 

 

Yours faithfully,

[Thailand]

SAR'ing N Hunter...nice.

 

What are the other 3 FPA's? (is one CIFAS?)

[42man]

If there are any terms used that would only mean something to somebody who worked in that industry, then they haven't complied with your SAR in full, they need to provide also a glossary of what any terms mean (if this helps)

[Seminole]

Have a look at Section 7(1)d here

 

Data Protection Act 1998 (c. 29)

 

You are effectively asking for this information but there is a specific right to it under the DPA.

 

My wife took Nat West to court to try to obtain details of the automated decision making applied to her account. After two court hearings they asserted the DPA defence of trade secrecy. I think that's hogwash but the costs of taking the matter further were prohibitive.

 

At least in theory, you have the rights to see the manuals and computer code used when N Hunter makes an automated decision/ recommendation about you.

[never-in-doubt]

SAR'ing N Hunter...nice.

 

What are the other 3 FPA's? (is one CIFAS?)

 

Hi

 

Trust me I don't think they expected it - Experian DA wrote back saying they are not a CRA any longer and they report to N Hunter (they own hunter remember) so they returned my cheque but I don't quite believe them cos they have several fpa's within experian DA (see here: http://www.experian-da.com/solutions/index.html)

 

Its this that i'm interested in:

 

http://www.experian-da.com/solutions/fraud_prevention.html (Hunter I assume?)

 

 

 

Fraud Prevention Agencies are as follows:

 

N Hunter

Synectics Solutions

Experian Data Analytics

Cifas

 

Synectics are the ones that report catalogue fraud, such as repeat claims that your parcel went missing (assuming the driver left it out the back and you want a freebie) - they report this and also employee fraud etc....

 

HTH

Edited April 9, 2009 by never-in-doubt

[never-in-doubt]

Have a look at Section 7(1)d here

 

Data Protection Act 1998 (c. 29)

 

You are effectively asking for this information but there is a specific right to it under the DPA.

 

My wife took Nat West to court to try to obtain details of the automated decision making applied to her account. After two court hearings they asserted the DPA defence of trade secrecy. I think that's hogwash but the costs of taking the matter further were prohibitive.

 

At least in theory, you have the rights to see the manuals and computer code used when N Hunter makes an automated decision/ recommendation about you.

 

Thanks - appreciate the help..... i'll wait and see what their response is and post it for all to see....

 

Thanks again.

[never-in-doubt]

If there are any terms used that would only mean something to somebody who worked in that industry, then they haven't complied with your SAR in full, they need to provide also a glossary of what any terms mean (if this helps)

 

Helps loads - thanks... do you happen to know any acts I could quote if they refuse, for instance it's better to go in with one letter quoting the relevant laws isn't it?

 

Obviosuly makes sense to await their reply so thanks - i'll re-post soon...