My Lords, as your Lordships know, before giving somebody credit, lenders such as banks, loan companies and shops want to be confident that the person can repay the money they lend. To help them do this, they may look at the information held by credit reference agencies.
Credit reference agencies give lenders a range of information about potential borrowers, which lenders use to make decisions about whether or not to offer a person credit. It is safe to say that the three main credit reference agencies in the UK—Equifax, Experian and Callcredit—are likely to hold certain information about most adults in the country. Most of the information held by the credit reference agencies relates to how a person has maintained their credit and their service and utility accounts. It also includes details of people’s previous addresses and information from public sources such as the electoral roll, public records including county court judgments, and bankruptcy and insolvency data.
The information held by the credit reference agencies is also used to verify the identity, age and residency of individuals, to identify and track fraud, to combat money laundering and to help recover payment of debts. Government bodies may also access this credit data to check that individuals are entitled to certain benefits and to recover unpaid taxes and similar debts. Credit reference agencies are licensed by the Financial Conduct Authority.
As noble Lords may be aware, anyone can write to a credit reference agency to request a copy of their credit reference file. Given the sheer volume of requests that such agencies receive, Section 9 of the Data Protection Act 1998 provides that a subject access request made under Section 7 of the Act will be taken to mean a request for information about the person’s financial standing, unless the person makes it clear that he or she is seeking different information. Very importantly, when responding to such a request, Section 9(3) of the 1998 Act requires the credit reference agencies to provide the person with details about how he or she can go about correcting any wrong information held by the agencies. The process for doing so is set out in Section 159 of the Consumer Credit Act 1974, and the 1998 Act makes reference to it. If personal information held about someone is incorrect or out of date, noble Lords will appreciate that it could lead to that person being unfairly refused credit.
Clause 12 of the Bill simply replicates the provisions in Section 9 of the DPA in relation to handling of subject access requests made under article 15 of the GDPR. If it were omitted without anything being put in its place, this could create uncertainty for consumer reference agencies about how they should respond to a subject access request. It would create uncertainty for data subjects, who would no longer be supplied with guidance on how to update details in their file that were wrong or misleading. As far as we are aware, these provisions have worked well over the last 20 years and we can see no reason why they should be omitted from the Bill.
On that basis, I respectfully invite the noble Lord to accept that Clause 12 should stand part of the Bill.