Re: CRA 6 Year rule

In another place, a freedom of information request was issued, and it was shown that there was no record of ICO and/or the OFT and CRA's ever making such an agreement.

Further, today, I issued my own freedom of information request, because I have information that until 1994 credit reference agencies were only recording defaults for three years. I have therefore asked the ICO and OFT whether there was ever an agreement on this change.

Re: CRA 6 Year rule

powerful_rogue has an interesting thread over on CCS on this subject Phoenix, I think you may have seen it.

Tanz

Re: CRA 6 Year rule

Hiya Tanz.... yes i have :okay: even though though they have moved parts of it behind closed doors :rolleyes:

I can see why but at the end of the day, we are all fighting the same cause

I know they have been working on this for a wee while now, as have a few other sites. Nice to have something new to get our teeth into though

What's your thoughts????

Re: CRA 6 Year rule

My thoughts are that the 6 year rule is nothing but an industry standard timescale which should be fought tooth and nail.

Same as Limitations Act timescales. Grrrrrrr.

There seems to have been some good info uncovered (or the lack of it) and also a lot of buck passing from vaious regulators etc. I think from reading that thread that it is developing some important discussions which may open up big can of worms.

I have not really posted too much on that thread but have been reading with interest what is being uncovered.

I also agree we are all on the same side. Sometimes however key strategies need to be taken off open forums to enable them to be ironed out away from prying eyes (and by that I don't mean genuine claimants).

I am sure it will be back out in the open if it has been taken of main forum. I wasn't aware it had been mate.

Tanz

Re: CRA 6 Year rule

only the responses to requests and ICO letters etc
the main thread is there, like you said, the sensitive bits have been removed from praying organisations.

All the info is OTR anyway so not so secret now :roll:

You are right though, for so long now, processing of data has been the norm, it could be difficult to convince a court otherwise without any case law to back it up.

This issue could be based on facts and an interpretation of vague legislation . IMO

Re: CRA 6 Year rule

I cannot see why you are worried about having case law, when statute is on your side, you have already quoted the DPA, the CCA, there is also the consumer protection act which states:

39.
Defence of due diligence.
— (1) Subject to the following provisions of this section, in proceedings against any person for an offence to which this section applies it shall be a defence for that person to show that he took all reasonable steps and exercised all due diligence to avoid committing the offence.

(2) Where in any proceedings against any person for such an offence the defence provided by subsection (1) above involves an allegation that the commission of the offence was due—
(a)
to the act or default of another; or

(b)
to reliance on information given by another,


that person shall not, without the leave of the court, be entitled to rely on the defence unless, not less than seven clear days before the hearing of the proceedings, he has served a notice under subsection (3) below on the person bringing the proceedings.

(3) A notice under this subsection shall give such information identifying or assisting in the identification of the person who committed the act or default or gave the information as is in the possession of the person serving the notice at the time he serves it.

(4) It is hereby declared that a person shall not be entitled to rely on the defence provided by subsection (1) above by reason of his reliance on information supplied by another, unless he shows that it was reasonable in all the circumstances for him to have relied on the information, having regard in particular—
(a)
to the steps which he took, and those which might reasonably have been taken, for the purpose of verifying the information; and

(b)
to whether he had any reason to disbelieve the information.


(5) This section shall apply to an offence under section 10, 12(1), (2) or (3), 13(4), 14(6) or 20(1) above.

Re: CRA 6 Year rule

that would only assist the defendants....

without case law you need to prove without reasonable doubt and convince a judge of your claims. CRA's and financial organisations are only doing what they have been told to do for the past 35 ish years ..
With case law you could rely on the judgments of other courts to assist your claim.

Re: CRA 6 Year rule

Your Point about only doing what they have been told for the last 35 years is incorrect, A white paper was produced in march 2000, which was then published as a guidlines booklet for any business that deals with the retention, storage and publication of personal data.
The booklet also states that the main principles of the DPA are governed by the ICO (the very people fobbing us off, with regards to the +6 year retention of our personal data), the booklet has 8 main principles of the DPA, & are as follows:

The data protection principles
6. A copy of the eight principles, as they appear in the DPA, is at ‘Appendix A’. In brief, the principles lay down that all data must:

• be fairly and lawfully processed;
• be obtained for specified purposes and not further processed in any manner incompatible with those purposes;
• be adequate, relevant and not excessive;
• be accurate;
• not be kept for longer than is necessary;
• be processed in line with the data subject's rights under the DPA;
• be kept securely; and
• not be transferred to a country outside the European Economic Area unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of their personal data.

There would be no need for extra case law, to back up a clear breach of the DPA.

the full booklet can be found on the following link.

www.cabinetoffice.gov.uk/publicationscheme/dphandbook/annexbmd.aspx

Re: CRA 6 Year rule

If you really want DPA case law, may I suggest Blackstones guide to the Data protection act 1998, which examines all aspects of the DPA, with case law, and is available on Amazon.

Re: CRA 6 Year rule

SWOS the question I think, is the definition of "not kept for longer than is necessary". How long is necessary? How would it be defined?

Re: CRA 6 Year rule

6 years according to this and other sites nattie, although once the contract has been ended as of then, as long as there is no outstanding balance.

Re: CRA 6 Year rule

Well, no that's not correct. If we are talking about a subject access request then we are talking forever if data is still held. HOWEVER, 6 years follows with the statute of Limitations. I believe that in a thread on another site that the Crowther Report was mentioned from 1971(after a FOIA request). But why do banks hide behind this viewpoint when clearly this is not the case of 6 years merely the litigation point of view.

Re: CRA 6 Year rule

I take your point Nattie, but we both know that the banks state in their replys to SARs, they are "only legally obliged, to supply the Data for the 6 year period", in line with the DPA & the Limitations act.
The question was about the CRA's holding information for more than 6 years, which are governed the the DPA.
So if the banks and financial institutes will not supply data beyond the 6 years through a SAR, Then by their own definition, they cannot report credit history beyond the 6 years either, but they do, and the CRA's do what master says.
We all know the financial institutes of England etc, interpretate the law as they see fit.

Re: CRA 6 Year rule

A creditor could process personal data for as long as 10 years or even longer.

You took out a loan for 5 years and defaulted on year 4, a notice is issued and remains on your file for 6 years. Add that to the first 4 years = 10 years.

I believe the DPA allows 10 years worth of data to be accessed. In fact financial organisations can hold data for as long as they like and so can the CRA's..... they just aint supposed to process it to a third party after a reasonable amount of time.

The Money Laundering Regulations 2003 s.6 (3)(a)(b) does state that records must be kept for at least 5 years after an agreement/relationship has ended.

If an organisation tells you they don't have or keep data for more than 6 years (previous to the date requested) they could be committing a criminal offence and I believe should have a Notice of Distruction, which you could request a copy.

The original point is that CRA's and data controllers are processing data and holding default as well as adverse payment history for 6 years.

There is NO statutory provision for this to happen. It's just industry standard and has been since the 70's, although originally defaults were kept on file for 3 years not the current 6.

The DPA make NO exact provision for the 'time period' that data can be processed. Unfortunately for us the DPA is not written in PIL. and is open to interpretation.
A so called industry standard ' 6 year period ' set by non-regulatory bodies is not an interpretation of Principle 5..... Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes

IMHO :whoo: