PS Consultants - ideas & solutions

Who owns you..?

August 02

Last month’s brief foray into the menace of spyware and adware, and the consequences for personal “freedom from marketing” has produced a response from the floor that indicates quite clearly that some of you are getting quite ratty about the way your own personal information is being gathered and sold without your knowledge, and without any of the revenue coming your way.

So I did some research, and paid to get my Experian record ( and was surprised to find what it contained – including details of my late father-in-law who died in January 1999. Thanks to the provisions of the Data Protection Act, it's easy enough to order your personal credit file – although it took 14 days to get the answers in the post.

Credit reference companies like Experian know very well that they are treading on eggshells, and go to some lengths to explain themselves in the effort to look caring and inclusive. They make efforts to explain about 3rd party disclosure – however, they make the process of obtaining and correcting your own information as slow and cumbersome as possible – compared to the instant lookup available at the checkout of most of their retail customers.

There is now a clear requirement for a more transparency in the process to allow the consumers better control over their own details. The idea that Experian makes money from selling MY details to others is distasteful; so for starters, I want to be paid at least 50% of anything Experian charges for use of MY data, and I want to be immediately notified when anyone attempts to access my record so that I can decide if I will permit it.

The feeble excuses that it will take 3 years for the industry to change its systems are nonsense. I'm quite certain that I could collect a small but competent team in a week that would be pleased to do in under 3 months. It is not a complex process, but if you begin to look closely at the consumer credit reference business, I think you may find that the words "cosy" and "cartel" spring to mind.

I proposed an alternative solution some while ago – and even prototyped an online database system called "EnContact"  ( in which the participants are able to directly manage their OWN data (with appropriate safeguards, of course) and remain informed every step of the process as to who is enquiring about what.

I revisited this project recently, and the system is being further developed to allow its user to set a tariff for charging access basic information such as personal phone numbers – because many people would be willing to sell a "use once and throw away redirection" for say £10 (they can set the cost) in case of emergency (and then optionally refund the £10 if the call was justified). The present "ex-directory" process is a very blunt instrument just to keep the cold sales callers away. And if a double-glazing salesperson is willing to spend £10 to hear me tell them to "go away" in 5 seconds, I'm happy to take £10 for 5 seconds of my time.

Generally, I want to know who is looking up – or attempting to look up – my phone number as much as I want to know who is asking for a credit check. And so might the police, after a burglary.

Please let’s not listen to any "it can't be done" nonsense from any of the self-interested members of the present reference cartel.

This all leads to another crisis of out time – 80% of email sent to any address that has been publicly listed anywhere and is now being spammed gets ignored. Try emailing a complaint to any address that you can find on the website of a large UK company and see how far it gets you. There needs to be a method of embedding and “automatic character reference” that is the opposite of a spam filter – in other words, email that can be checked to see if the sender is of sound mind, and the message worth reading.

So what if a message arrived in your inbox with a digital certificate that said "the sender of this message is known to at least 5 other people in your personal EnContact listing and is not regarded by any of them as dangerous or barmy”, would you consider that to be useful …or alarming?

Wouldn't you like to be able to just go straight to your personal data record and tick the item marked "no junk mail, no junk faxes and no junk telephone calls – ever, or else...". Or maybe you'd go for the option that says: "By all means send me the junk mail, but I'll have 50p for every envelope I get, so you will need pay not just the list broking agency that sold you my address, and not just the agency that delivers it". After all, you might have an efficient wood-burning stove to fuel. The present process of contacting assorted regulators and registrars is utterly arcane; and heaven forefend, there may actually be someone out there with something really useful to send you that you could miss if you just said “stop it” to everything.

In that same way that the first thing that Orange does when you want to take out a contract on a cellphone is "check you out" in case you have a record of dodging phone bills, why shouldn't you be able to do the same to all incoming mail that could otherwise be a waste of your time..?

In fact, simply managing identity in the context of preventing email spam and unauthorised computer identity theft is another whole vast subject – but it all starts with the individual taking control of their own data and managing it, and we ought to start somewhere, and soon.