ICO - your personal data isn't yours once you hand it to creditors

29 July 2010

Last month we told how an avid Bitterwallet reader was having chew with retailer Next; he wanted his account closed and his personal data removing from their system - he wanted to ensure his details couldn't be lost or stolen, which appeared entirely sensible - but Next categorically refused to. Eventually Next told our reader "your account details are held for Data Protection purposes and we cannot delete your account."

That made no sense whatsoever, since the Data Protection Act states that such information should not be kept longer than it is required. So what were Next up to? Was it that the retailer were habitual lawbreakers, or that there were other rules in play?

The latter, as it turned out. We've since learnt from Next the Information Commissioner's Office has taken a view on the matter and found in favour of creditors; while the likes of Next have no need for the data, third parties such as credit agencies might. The bottom line is that creditors can therefore hold personal data for up to six years - you can read the ICO's clarification on the matter here. A spokesperson for Next explained the situation to Bitterwallet:

"Account information is held by us and reported to the credit reference agencies for a period of six years after the account was last active. This is in line with normal industry practice for credit accounts and the Information Commissioner has reviewed and endorsed this practice. This is done to assist lenders in making responsible decisions when applications are made for further credit facilities. Because of this, we are unable to completely delete an account from our records during this time.

"If customers choose to close their account we can ensure no further orders can be placed. But at present customers are still able to access their account details via our website. We understand that this can cause some confusion, and so we will be making some changes in the future to ensure that closed accounts are no longer visible online."

TOPICS:   Privacy   High Street News


  • DragonChris
  • The B.
    Yep, blame Experian, they're scum, Equifax aren't as bad but Experian = scumbags.
  • The B.
    Brian here. WTF???? Is dis real?????
  • BobF
    It always amuses me when they say "standard industry practice" when they mean "we do it because no one has punished us for doing so, and we dont see that as likely any time soon".

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment