When the Government announced that it wanted the bank details of almost everyone in the country, many saw the move as the latest crevice in the ongoing erosion of our privacy. But most of us are ignorant about the true scale of confidential information swilling around about our life, money and that of our families.
The new legislation will require banks and other private-sector companies to hand over the personal details of millions of people claiming tax credits and unemployment benefits in what the Government says is a crackdown on fraud and error in the welfare system. And, in a bid to reduce huge mistakes in the tax system, the scheme will eventually cover everyone in work, too. But the changes, which are due to be rolled out over the next three years, won't actually mean gaining any more information than the Government already has, Whitehall officials say.
Almost every employee and benefit recipient in the UK receives their money through the banking system, which provides all the information the Government needs, they say, and the new rules will simply unify them to crack down on fraud and errors. So just how much information is out there about you?
According to the information group CallCredit, Core, the largest data collection programme in the UK, contains the details of 42 million consumers. It offers access to 28 million residential addresses, 20 million email addresses, 15 million mobile phone numbers, and details on age, financial characteristics and behaviour, the holidays you take, what you read, when your insurance is due for renewal and the kind of car you drive, or wish you drove. And this kind of information comes from a huge range of different organisations which collect, buy and sell it.
Price comparison sites
Savvy consumers looking for the best deal regularly plug their personal and financial details into price comparison sites. Once registered, these sites will retain data on the products you search for, the details you uploaded and which, if any, you bought, as well as passing your "lead" on to other product providers. MoneySupermarket.com, for example, holds customers' details for six years after the last time they used the site. According to the aggregator this is industry best practice, and is in accordance with the Data Protection Act's requirement that information is held for "no longer than necessary". The Information Commissioner's Office (ICO), which administers the Act, acknowledges that while companies must comply, they can choose how to interpret its rules, including what information is held about individuals and how long for.
Banks and building societies
It makes sense that financial services organisations keep your personal and financial details. The product providers who look after your current account, savings, investments, pensions and those of your family will keep your information for years after you cease to be a customer. But with mergers, acquisitions and other business partnerships, the range of organisations that have access to your records is far larger than many of us expect. In fact, last year HSBC was fined a record £3.2m for losing the details of 180,000 of its own life insurance customers and those of around 200 members of an entirely different company's pension scheme – twice.
Ever applied to rent or buy a property? The information you hand over will usually include previous addresses, banking details, employment history, your debt profile, and even the contact details of friends and family. These are kept for several years, along with a record of the relationship you have had with that agent. And although its primary use is to process the application or request you made, including searches at credit reference agencies, this information is regularly passed on to associates, including your landlord or their clients, third party mortgage brokers and lenders.
Sign up for a retailer's loyalty or store card and you'll often receive discounts and exclusive offers in return for information about your preferences and habits every time you shop, whether you're buying fruit and veg or condoms and tampons.
Tesco, like many others, uses the details on loyalty card application forms, plus details on what customers buy, for a range of uses, including analysing customers' shopping habits and targeting them and their families with offers and information about products and services.
"We will share your details among Tesco companies at home and abroad (eg Tesco Personal Finance), and businesses that process Clubcard information on our behalf (eg printers who need certain details to print our mailings)," says the Tesco Clubcard Data Protection statement. "We may also use and share information relating to groups of customers, without identifying individuals, to learn more about customer behaviour and find ways of enhancing our service."
And then there are the financial products advertised at the checkout, such as credit cards, insurance, and savings accounts – the records of which the retailer may also have access to. Fill in a few forms and you may find that your supermarket of choice knows more about your everyday life than your parents do.
Airlines and travel agents
It's no surprise that airlines and travel agents will keep your name and address, card details, phone number and email address when you book a holiday or business trip with them, along with all the travel details. But as a member of frequent flyer or other membership programmes, your activities could also build up a bank of in-depth data, including your passport details, age, class, seat and meal preference, and, of course, where you go, when and with whom.
Where's the harm?
More than 90 per cent of us rank "protecting personal information" as the most socially important issue – second only to crime prevention – but large private-sector companies are lagging behind the public sector on their knowledge of data protection, according to the ICO.
"Every day, you will give out your personal information in some way or another," a spokesperson for the ICO says. "Although most of the personal information stored about you will provide benefits such as better medical care and financial reassurance, it can cause problems.
"If personal information is incorrect, inadequate or out of date, it could lead to people being unfairly refused jobs, housing, benefits, credit or a place at college. Think carefully before supplying your personal information. Always ask why an organisation is requesting it, as you may not need to supply it."
The Data Protection Act allows you to see information held about you and get it corrected if it is wrong. Organisations holding your personal information must to use it fairly, keep it secure, make sure the information is accurate and keep it up to date. The Data Protection Register lists those who hold your details and why at: http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/keeping_the_register.aspx
Under the Act, you can make a written "subject access request" to any organisation you believe holds information about you. The reply you receive should include a copy of all the information they hold about you, details of why your information is processed and the types of organisations it is passed on to.
If you believe your personal information is wrong, write to the organisation, identifying the information you believe is wrong and what should be done to correct it. If they fail to respond appropriately, contact the ICO at www.ico.org.uk, or call 0303 123 1113.Reuse content