The biggest danger to your personal data could be hiding in plain sight – and the law is not on your side.
We’re constantly warned to take care with our data. Be careful who we give it to, know what they want it for. Control it, be cautious with it, take care that those who guard it are taking appropriate security measures.
Yet a simple loophole that could see your data being sold on, even if you had instructed the company not to do this when handing it over, has come to light. And it’s perfectly legal, and happening frequently.
When a company who has your data goes into administration and appoints liquidators, they are charged with making as much money as possible from any remaining assets to reduce the debt to creditors. And guess what has a lot of commercial value? Yes, correct – your data.
This data, this personal information about you shared in good faith with one company, is now an asset for sale, available to the highest bidder who can in turn do what they want with it.
While the Information Commissioner’s Office states that anyone handing over their data has a “reasonable expectation” of how that data will be used, selling it on, often to a company in the same industry, does not seem to breach this – in practice if not in spirit.
This astounding state of affairs was highlighted this week by a consumer programme on BBC Radio Four, where a woman from London was, in her words, “innundated” with emails and calls from other providers after the ferry company she had used went bust.
Adamant that she had “ticked boxes” stating her details should not be passed to third parties, she was powerless when liquidators Ernst and Young were appointed and the customer list was, quite legally, sold on. As she started being “bombarded” by unsolicited contact, she asked one where they had got her details from, and was told it was from the receivers. The same receivers who never contacted her to ask permission to sell on her data.
She told the programme: “The government are always saying you need to look after your data and you shouldn’t share it with people you don’t know, and then then they take it upon themselves to nominate someone who can sell it on and I think it makes a mockery of keeping your business private.”
An insolvency expert told the programme that, while not familar with that exact case, the underlying action was widely recognised as acceptable. Companies, those holding data and those acting as receivers or liqiuidators, are required to follow data protection laws, but crucially that doesn’t restrict data from being sold on as a commodity. Which is a pretty shocking state of affairs.
Stories like this highlight how powerless consumers are in many ways once they hand over their data, losing control of where it goes and what it does without ever having done anything wrong.
While never sharing any data is unrealistic if you want goods and services in this modern age, sharing the bare minimum is obviously good practice.
Companies such as digi.me are working on solutions to these trust issues, building a data-driven future where you are at the centre of your connected life, crucially in complete control of who has access to your data and what you get in return, but the full realisation of this is some way off.
But you can start claiming back some control by downloading a free version of our app now, collecting information about you distributed across various social media sites and reclaiming it for your own use and purpose.