'I want to be forgotten!'
Monday, 24th January 2011
Tim Buckley Owen
Credit reference agency Experian has announced that it is now including residential rental payment data in its United States credit reports. As yet another facet of personal information becomes available to business, authorities in the United Kingdom and the European Union are currently taking a careful look at data protection issues.
In incorporating positive rental data from its own RentBureau division into the traditional credit file, Experian has the estimated 50 million 'underbanked' US consumers in its sights – including college students, recent graduates and immigrants, who it says will now be able to build credit with continuous on-time rental payments. Leaving aside the fact that it was overtures to the 'undermortgaged' that triggered the current financial crisis, this is Experian's second personal information initiative in a few days, following its acquisition of an interest in social networking marketing specialist Techlightenment.
Business is scarcely likely to voluntarily restrain its exploitation of the information that individuals either choose or are required to reveal about themselves. So it's perhaps not surprising that the issue remains of great interest to regulators.
In the UK, the personal privacy watchdog the Information Commissioner's Office has begun the new year by urging consumers to take control of the information that credit agencies hold about them. It's relaunched its 2009 booklet Credit Explained and points out that almost a third of the data protection complaints it received in 2010/11 were about lenders.
Meanwhile the European Union has just published an Opinion on which country's data protection law should apply when. Highlighting possible ambiguities in the wording of the EU's Data Protection Directive, the Article 29 Working Party, which is made up of the data protection authorities of the EU's 27 member states, is particularly concerned about the Cloud.
'Cloud computing makes it difficult to determine the location of personal data and of the equipment being used at any given time,' the Opinion states (alternatively see a handy résumé from Out-Law). So the law that should apply should not simply be the one where the controller is based, but the one where the activities themselves take place – and it's not even necessary for the controller to own or fully control the equipment involved for the processing to fall within the scope of the Directive.
It's just one facet of a comprehensive approach to personal data launched by the European Commission last November introducing the concept of the 'right to be forgotten' (alternatively see a FreePint DocuBase summary). As citizens we should be pleased; as information professionals we need to be on the look-out for all sorts of new compliance issues ahead.
About this item:
Tim is an information skills trainer and writer on the information industry with over 40 years' experience in the profession. His career has encompassed information management, writing, editing, training, government policy advice and corporate media & marketing.
Besides writing for FreePint, Tim runs courses for training providers and private clients on enquiry handling, abstracting & summarising, information packaging & presentation and information management. The sixth edition of his classic handbook Successful Enquiry Answering Every Time is published by Facet Publishing. You can find details of Tim's training services at www.buckleyowen.com.
Tim can also be reached at firstname.lastname@example.org
More articles by Tim Buckley Owen »
« See all FreePint Blog items