A stickler for our privacy: The new Data Protection Registrar is taking on the banks. Lynne Curry reports

Your support helps us to tell the story

Support Now

Find out moreClose

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Editor

Just before Elizabeth France moved into her unfussy, strip-lit office in Wilmslow, Cheshire, her son sent off for some sunglasses - and made a minor literal error in his letter. Now, from the repetition of the mistake on 'junk mail', the France household can tell how and where his personal details are being disseminated.

But he is not likely to make a formal complaint to his mother, the new Data Protection Registrar, though she wants people's computer-held details to be protected from scrutiny unless they expressly consent to disclosure.

Mrs France, 44, is still finding her feet in the post - occupied by her predecessor, Eric Howe, for 10 years - and her way around the office block that accommodates her 100 or so staff. But she is by no means a fluffy female successor to the avuncular but terrier-like Mr Howe.

She may be a consensus manager, but she moves fast to the bottom line: 'If I can make progress by talking, that's what I'll do, but I won't hesitate to use the powers that Parliament has given me if that doesn't succeed.'

At the end of this month she will meet the CCN Group, one of the four main credit reference agencies with whom Mr Howe had a considerable difference of opinion; nor did he agree often with the banks, finance houses and other credit-suppliers.

Earlier this year he recommended that they should not be allowed to supply or disseminate 'white' financial information unless customers gave their consent. 'White' information includes amounts outstanding on credit cards, personal loans, first and second mortgages, hire purchase and any other borrowing. 'Black' information, over which neither Mr Howe nor Mrs France has any reservations, covers arrears, county court judgments and other bad-debt factors.

CCN will be hoping to change Mrs France's mind on white matters, but is likely to be disappointed. 'It will probably be a bit like Daniel going into the lions' den,' she says, 'but it's important that they've invited me. I don't think we should move our position, however.'

The Office of the Data Protection Registrar may seem remote to most people, but then, as its publicity manager Dianne Bown- Wilson points out, many people only find out about credit reference agencies, the 'clearing house' of the lending milieu, when they are refused credit.

It is the public, rather than the banks or other lenders, with whom the office would most like to communicate. People's personal details, Mrs France says, should not become commercial information. 'We are here to consider what I don't think is too strong to call a human right. But we cannot be Luddite; there is legitimate business interest. Placing any burden on industry is one concern, and we have a balancing act to play between ministers, who say that deregulation is the order of the day.'

Mrs France says customers' 'informed consent' should be required before details are disclosed. This would rule out the practice of making customers 'opt out' by ticking a box; she wants them to have to 'opt in'. And if customers refuse, they should not be refused service.

The office has been receiving more and more complaints each year - 4,500 in 1993 - and increasingly they require investigation. While no amount of legislation can tackle the criminal supplier of information, such as the bribed bank official, educating the public can ensure that the current regulations are fully used. 'The man in the street has rights,' she says. 'It's a matter of his knowing he has redress.'

Companies, too, are reluctant to be educated. Of the 3 million trading organisations in the UK, only 180,000 are registered as holders of information on computer. The Data Protection Registrar cannot take action against organisations that are not registered. In the 12 months to May 31 this year, 32 data users were prosecuted for failing to register. They included a health farm, theatres and a holiday company. The maximum fine imposed was pounds 2,000.

Mrs France knows that failure to enforce registration badly damages the office's effectiveness and credibility as a protector. She hopes its views will be taken fully into account when British legislation is redrafted to adapt to a Euorpean Union directive.

But she may press for amendments before that, to make the Data Protection Act easier to enforce. At present her office has no power to inspect data records; it can act only on a complaint.

After more than 20 years as a career civil servant, the past five as head of the Home Office's information and pay services division in Bootle, Lancashire, some questioned whether Mrs France could distance herself from her former masters, with whom she may have disagreements.

Unprompted, she underlines the office's impartiality and accountability only to Parliament. 'The Data Protection Act sets out fairly clearly what our powers are, and Eric Howe has not been afraid to use them,' she says. 'Neither shall I be.'