The data trails that reveal every detail of our lives

Catch a train, buy groceries, shop online – and a database records the transaction. Should we worry about this? Can we stop it?

Kate Hughes
Saturday 21 March 2009 01:00 GMT

We live in the age of Big Brother. Every day, our personal paper-trails – transactions, applications, made or missed payments, shopping trolley contents, even where and when we "touch in" with electronic travel passes – build up to a detailed picture of our lives. Information on the average "economically active" person in the developed world is held on more than 700 databases, according to the think-tank Demos.

"Almost everything we do every day leaves some sort of trace," says Peter Bradwell of Demos. "From internet surfing to credit, debit and cashless cards, store cards and loyalty cards, it all provides information. People aren't aware of just how detailed that information is."

Adrian Lowcock of Bestinvest says: "Consumers would be surprised at how much data is held, to what extent their day-to-day lives generate all this information. The analysis can be very revealing. Something as minor as a postcode can tell you what someone living there earns, what they spend and where, giving a tremendous steer for financial products.

"People have little idea of the level of analysis that goes on. It's not a question of whether they have all this information, but what they do with it and how well they look after it."


The UK high street is awash with cards offering discounts and other incentives in return for your personal details and information about how, when and where you shop.

Loyalty cards, as the name suggests, offer rewards for your loyalty, based on a points system. Points are exchanged for goods. About 15 million UK households have at least one loyalty card.

But they also collect details about your shopping habits and match them to a range of personal details from your application form, such as your address, date of birth, gender, marital status, even salary. Repeated incoming information about your basket of goods every time you shop doesn't just yield data on how often you buy broccoli, but also what illnesses you could be suffering from, or even what contraception you use.

Store and credit cards provided by supermarkets that offer discounts on your shopping glean all this information – and then charge you a huge interest rate for any unpaid debt as well.

Some loyalty cards are even linked to other companies. Nectar, for example, has partnerships with Sainsbury's, BP, Ford, EDF Energy, Hertz, Brewers Fayre, Beefeater, Talk Talk, D&A, American Express, the AA, Thomson Local, Gala Bingo, Expedia, and now Homebase. They don't hold details of exactly what you buy, but they do hold data on how much you spend every time you shop with those partners. In the same way, voucher codes and online shopping schemes that offer discounts or points towards online shopping also record your transactions in order to credit rewards.

Bradwell says: "No one forced us to have store cards or other services, and there are often valuable incentives, but people simply aren't aware of what the consequences are. This can be anything from offering a more personal service in the short term to an insurance company increasing your premium in future because they know you buy cigarettes. That's not a problem if people don't mind, but they must understand what they're really signing up for. Most people have a vague idea that their information is held, but they have no idea of the analysis and the level of detail they are providing."

Data collecting doesn't happen only on the high street. Surfing the internet leaves a trail of "cookies" – messages web servers send to your browser when you visit internet sites. They are usually used to track website activity in online shopping. Now, however, price comparison sites are using them to record information you enter or items you plan to buy.

Financial products

It is fairly obvious that if you register an electronic travel pass, such as London's Oyster card, that it tracks your movements as you "touch" in and out. But services like the Barclaycard OnePulse, for example, offer a combined credit, Oyster and "cashless" card, meaning that, as well as travel information, the cards can generate purchasing and bank details, Demos has warned.

"People are vaguely aware that companies hold their information," says Lowcock, "but this data can often be sold and resold perfectly legitimately, particularly when companies are bought and sold." Even when you tick the box on application, feedback and other forms – the one that prevents companies from passing your details on to external firms – that doesn't necessarily exclude the other companies in the group. And, thanks to the downturn, there are a number of merged or merging financial institutions. The Santander group, for example, includes Abbey, Bradford & Bingley, Alliance & Leicester and Cahoot. Lloyds Banking Group now includes Lloyds TSB, Halifax, Bank of Scotland, Clerical Medical and Birmingham Midshires. And how they share their information is all about the fine print.

For example, Clydesdale Bank is part of the National Australia Bank Group, along with Yorkshire Bank. Their "Using Personal Information" online document states: "For our internal operational reasons, we may link information concerning your accounts with us to information concerning other products and services we provide to you... We may also link your information to that of other individuals with whom you are financially associated. Such information may also include sensitive personal data, such as information relating to your health, or criminal convictions or proceedings."

As well as legal obligations in matters such as money-laundering and fraud prevention, the bank states that it will use a customer's information to "assess the suitability of our products and services for you; to analyse the operation of your accounts and services and your purchasing preferences... for market and product analysis purposes; and... for system testing purposes."

And elsewhere, the agreement clearly states that they may need to "transfer your information abroad to other Group companies, service providers, agents and subcontractors in countries where they may not have data protection laws providing the same level of protection as those in the European Economic Area, such as Australia, New Zealand and the USA." And Clydesdale's use of personal information is by no means unusual.

Is all this really a problem?

For the most part, data about you is ultimately used by a range of companies to work out how they can sell more things to you or to people like you, be that a beer, a holiday or a savings account. But you only need to start a conversation in the pub on the subject to discover how deeply divided we are over this issue – and whether it is a problem.

"Yes, all this information being freely available may mean you get more junk mail or cold calls," says Simon Webster of the independent financial adviser Facts and Figures. "You can opt out of those mailshots, and the Data Protection Act says that companies can only use our information in certain ways. There are huge fines for those who fail to comply with these laws.

"But it is just information," he adds. "In fact, it can be very handy to know about relevant deals or discounts."

However, security is an issue. "Financial companies should not hold any more information on you than they need to do business with you," says Ian Hudson of the financial adviser Hudson Green & Associates. "Most people are cynical about financial companies and others' abilities to hold that information securely. We've seen too much evidence of databases full of personal information being left in cars and trains. We need to be clear about what information is available about us as well as the accuracy of that information."

Bradwell adds: "Regardless of how you feel about privacy, we need to have a say in what is held, and for what purposes. The danger is that the information we thought was used for one purpose will be used in ways we have no idea about and have no control over."

Fighting back: How to take control of your data

Aside from reading all the fine print on any applications and ticking the "no data sharing" boxes, there are two important pieces of legislation that help to protect your information.

The Data Protection Act allows you to ask to see information held about you via a "subject access request" and demand that it is corrected if that information is wrong. You also have the right to stop your personal information being used for unwanted marketing. For full details of your rights, including instructions on how to make a subject access request, or to complain about an organisation you believe to have breached this legislation, go to

This site also provides information on privacy and electronic communications regulations, which give you the right to stop electronic direct-marketing messages, including phone calls, faxes, emails and text messages.

To reduce junk mail and remove your information from mailing lists, the Royal Mail offers an opt-out registration service. Go to the "Controlling your mail" page at To prevent cold-calling at your home, register with the telephone preference Service at or 0845 070 0707. The Demos report on data collection in the UK, "For Your Information", can be downloaded at www.demos.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in