Data Protection Act 1998

Findings from ICO Visits to Credit Reference Agencies

On September 30, the UK Information Commissioner’s Office (ICO) published a review of the manner in which personal data is processed by credit reference agencies (CRAs).

Although the report focuses on CRAs, the ICO states that the issues highlighted are equally relevant to other organizations processing large amounts of personal data and to lenders who share information with CRAs.

The report identified certain areas that could be improved, including implementing a process to remind organizations supplying data to CRAs of their obligations under the Data Protection Act 1998, and a system to ensure that all CRAs’ clients are audited at least once a year.

The appendices to the report provide advice for firms relating to each of the topics covered by the report including training, staff awareness, data sharing, monitoring and reporting issues and information risk management.  Report.