Jump to content


BankFodder BankFodder


Discussion re DPA and Credit Agencies

style="text-align:center;"> Please note that this topic has not had any new posts for the last 4839 days.

If you are trying to post a different story then you should start your own new thread. Posting on this thread is likely to mean that you won't get the help and advice that you need.

If you are trying to post information which is relevant to the story in this thread then please flag it up to the site team and they will allow you to post.

Thank you

Recommended Posts

Hi All


I got to thinking about Equifax etc and whilst I know that you can pay £1 and grab your credit record - as I recall this is just a snapshot of now....


Does anyone know if they are liable under the Act to provide you with 6 years of information related to data about you, where it camr from who has enquired against your records etc.


Anyone know???






Share this post

Link to post
Share on other sites

Here is the info in the Data Protection Act relating to sars. It does say that

it "may be limited" to personal data, but also allows for alternative data to be asked for, or

that is how I read their use of "contrary intention"


4.1.2 Credit Reference Agencies

Where the data controller is a credit reference agency, a subject access request may be limited to personal data relevant to the individual’s financial standing and, unless the request shows a contrary intention, will be deemed to be so limited. A request for a credit file should be made to the three main credit reference agencies namely,


Equifax Plc

Credit File Advice Service

PO Box 300



G81 2DT Experian Limited

Consumer Help Service

PO Box 8000




Callcredit plc

Park Row House

5th Floor

19-20 Park Row



and should include the data subject’s name, address, postcode, any other addresses the data subject has had in the last 6 years and any other names used in that period. Further information may be obtained from the Commissioner’s publication “No Credit”.


4.1.3 How does the data controller satisfy himself as to the identity of the person making the request?

If accidental disclosure of the information held by the data controller to an individual other than the data subject would not be likely to cause damage or distress to the data subject, the data controller may rely upon the usual signature of the individual as proof of identity and the information may be sent to an address known to the data controller as being the address of the person making the request.

If the information is such that its accidental disclosure to an individual impersonating the data subject would be likely to cause damage or distress to the real data subject, the data controller might reasonably require better proof. Possible methods of checking identity in these circumstances include:

• •

asking the individual to give information which has been recorded as personal data by the data controller and which the individual might be expected to know;

asking the individual to have their signature witnessed by another person who is over 18 and is not a relative;

• • • • • • • asking the individual to produce a document that might reasonably be expected to be in only their possession.

Share this post

Link to post
Share on other sites

  • Recently Browsing   0 Caggers

    No registered users viewing this page.

  • Have we helped you ...?

  • Create New...