YP Letters: It cannot be right for giant firms to buy and sell my data

From: P Rouse, York.

How much data should tech firms hold?

IN October last year, I received a letter from Equifax telling me that my data had been hacked in an attack on their systems in the US, and offering various protection products.

I later discovered that Equifax is one of three companies licenced to store data about anyone it chooses, so that it can be sold to other companies seeking a credit reference.

Sign up to our daily newsletter

The i newsletter cut through the noise

This prompted me to write and ask what they were doing with a data file on me when I never use credit. I also asked for a copy of my file, and a list of the companies who had accessed it in recent years.

I eventually received an unsigned reply telling me that my complaint had been investigated internally and had not been upheld.

It enclosed a two-page questionnaire which I was expected to fill in before getting a copy of my file. This questionnaire asked for even more information about me, such as details of past company directorships etc.

Needless to say, I refused. I decided that I would complain to the Information Commissioner’s Office, as its website clearly states what we should expect from companies holding our data.

Personal data should not be taken outside the EU. It should be held for a reason, and only accessed by companies who have a reason for doing so.

It should also be possible for someone to see their file on request, for a small fee. I also asked the ICO why companies were allowed to carry out credit checks on people like me, when we did not require credit.

The ICO reply was unbelievable. I should expect utility companies, for example, to carry out credit checks as a matter of course, which did not seem to me a good enough reason for doing so.

The Equifax refusal to send me a copy of my file was dismissed as poor customer relations, over which ICO has no control, ignoring the fact that I am not an Equifax customer.

Its customers are those companies who pay to access my data. The distribution of my data outside of the EU was simply ignored.

They did invite me to complain to the Financial Ombudsman, but having watched the recent TV coverage about them, that could be another waste of my time.

I really object to my data being stored then bought and sold by people who obviously can’t look after it. It is also clear that companies such a Equifax act as they please without any adequate supervision by our supposed protectors.