Jinfo Blog'I want to be forgotten!'

Monday, 24th January 2011 Sign in to MyJinfo or create an account be able to star items Click for printable version Subscribe via RSS to get updates as soon as Blog items are added Tweet about this item on Twitter Share on Facebook Share on LinkedIn

By Tim Buckley Owen

« Blog

Item

Credit reference agency Experian has announced that it is now including residential rental payment data in its United States credit reports.  As yet another facet of personal information becomes available to business, authorities in the United Kingdom and the European Union are currently taking a careful look at data protection issues.

In incorporating positive rental data from its own RentBureau division into the traditional credit file, Experian has the estimated 50 million 'underbanked' US consumers in its sights – including college students, recent graduates and immigrants, who it says will now be able to build credit with continuous on-time rental payments.   Leaving aside the fact that it was overtures to the 'undermortgaged' that triggered the current financial crisis, this is Experian's second personal information initiative in a few days, following its acquisition of an interest in social networking marketing specialist Techlightenment.

Business is scarcely likely to voluntarily restrain its exploitation of the information that individuals either choose or are required to reveal about themselves.  So it's perhaps not surprising that the issue remains of great interest to regulators.

In the UK, the personal privacy watchdog the Information Commissioner's Office has begun the new year by urging consumers to take control of the information that credit agencies hold about them.  It's relaunched its 2009 booklet Credit Explained and points out that almost a third of the data protection complaints it received in 2010/11 were about lenders.

Meanwhile the European Union has just published an Opinion on which country's data protection law should apply when.  Highlighting possible ambiguities in the wording of the EU's Data Protection Directive, the Article 29 Working Party, which is made up of the data protection authorities of the EU's 27 member states, is particularly concerned about the Cloud.

'Cloud computing makes it difficult to determine the location of personal data and of the equipment being used at any given time,' the Opinion states (alternatively see a handy résumé from Out-Law).  So the law that should apply should not simply be the one where the controller is based, but the one where the activities themselves take place – and it's not even necessary for the controller to own or fully control the equipment involved for the processing to fall within the scope of the Directive.

It's just one facet of a comprehensive approach to personal data launched by the European Commission last November introducing the concept of the 'right to be forgotten' (alternatively see a FreePint DocuBase summary).   As citizens we should be pleased; as information professionals we need to be on the look-out for all sorts of new compliance issues ahead.

« Blog

Benefit from our research

Content and Community

Connect your team with the practical tools, original research and expertise to build and support information strategy in your organisation.

A Jinfo Subscription gives access to all Content (articles, reports, webinars) and Community.

Subscription benefits


Consulting

Our proven processes, resources and guidance will help your team make the shift from transaction centre to strategic asset.

Read case studies, and start the conversation.

Consulting benefits