Last month’s brief foray into the menace of
spyware and adware, and the consequences for personal “freedom
from marketing” has produced a response from the floor that
indicates quite clearly that some of you are getting quite ratty
about the way your own personal information is being gathered and
sold without your knowledge, and without any of the revenue coming
So I did some research, and paid to get my
Experian record (www.experian.co.uk)
and was surprised to find what it contained – including details
of my late father-in-law who died in January 1999. Thanks to the
provisions of the Data Protection Act, it's easy enough to order
your personal credit file – although it took 14 days to get the
answers in the post.
Credit reference companies like Experian know
very well that they are treading on eggshells, and go to some
lengths to explain themselves in the effort to look caring and
inclusive. They make efforts to explain about 3rd party disclosure
– however, they make the process of obtaining and correcting
your own information as slow and cumbersome as possible –
compared to the instant lookup available at the checkout of most
of their retail customers.
There is now a clear requirement for a more
transparency in the process to allow the consumers better control
over their own details. The idea that Experian makes money from
selling MY details to others is distasteful; so for starters, I
want to be paid at least 50% of anything Experian charges for use
of MY data, and I want to be immediately notified when anyone
attempts to access my record so that I can decide if I will permit
The feeble excuses that it will take 3 years
for the industry to change its systems are nonsense. I'm quite
certain that I could collect a small but competent team in a week
that would be pleased to do in under 3 months. It is not a complex
process, but if you begin to look closely at the consumer credit
reference business, I think you may find that the words
"cosy" and "cartel" spring to mind.
I proposed an alternative solution some while
ago – and even prototyped an online database system called
in which the participants are able to directly manage their OWN
data (with appropriate safeguards, of course) and remain informed
every step of the process as to who is enquiring about what.
I revisited this project recently, and the
system is being further developed to allow its user to set a
tariff for charging access basic information such as personal
phone numbers – because many people would be willing to sell a
"use once and throw away redirection" for say £10 (they
can set the cost) in case of emergency (and then optionally refund
the £10 if the call was justified). The present
"ex-directory" process is a very blunt instrument just
to keep the cold sales callers away. And if a double-glazing
salesperson is willing to spend £10 to hear me tell them to
"go away" in 5 seconds, I'm happy to take £10 for 5
seconds of my time.
Generally, I want to know who is looking up
– or attempting to look up – my phone number as much as I want
to know who is asking for a credit check. And so might the police,
after a burglary.
Please let’s not listen to any "it
can't be done" nonsense from any of the self-interested
members of the present reference cartel.
This all leads to another crisis of out time
– 80% of email sent to any address that has been publicly listed
anywhere and is now being spammed gets ignored. Try emailing a
complaint to any address that you can find on the website of a
large UK company and see how far it gets you. There needs to be a
method of embedding and “automatic character reference” that
is the opposite of a spam filter – in other words, email that
can be checked to see if the sender is of sound mind, and the
message worth reading.
So what if a message arrived in your inbox
with a digital certificate that said "the sender of this
message is known to at least 5 other people in your personal
EnContact listing and is not regarded by any of them as dangerous
or barmy”, would you consider that to be useful …or alarming?
Wouldn't you like to be able to just go
straight to your personal data record and tick the item marked
"no junk mail, no junk faxes and no junk telephone calls –
ever, or else...". Or maybe you'd go for the option that
says: "By all means send me the junk mail, but I'll have 50p
for every envelope I get, so you will need pay not just the list
broking agency that sold you my address, and not just the agency
that delivers it". After all, you might have an efficient
wood-burning stove to fuel. The present process of contacting
assorted regulators and registrars is utterly arcane; and heaven
forefend, there may actually be someone out there with something
really useful to send you that you could miss if you just said
“stop it” to everything.
In that same way that the first thing that
Orange does when you want to take out a contract on a cellphone is
"check you out" in case you have a record of dodging
phone bills, why shouldn't you be able to do the same to all
incoming mail that could otherwise be a waste of your time..?
In fact, simply managing identity in the
context of preventing email spam and unauthorised computer
identity theft is another whole vast subject – but it all starts
with the individual taking control of their own data and managing
it, and we ought to start somewhere, and soon.