Tag Archives: security

New Experian service a risk to your privacy and personal security?

On the 2nd of June I received an email congratulating me on the benefits I am now receiving from Experian‘s new “CreditExpert Web Monitoring tool”.

It seems that Experian, one the the UK’s three major credit reference agencies, has launched a service that “… will automatically monitor your personal details to protect you against the theft, accidental disclosure and mis-use of your personal information online. We will monitor the web, social networks and public databases.”

Now, great, you might think, but is it really?

Credit reference agencies gather information on individuals in order to provide their corporate subscribers information that assists them in assessing the risk associated with offering credit or other financial services to an individual. Traditionally, this information comes from data provided by companies on individuals who have accounts with them. This data is used to generate a credit “score”, which represents the risk of offering an individual credit. Credit scores range for 1 (very poor risk) to 1000 (no risk). Credit reference agencies also take into account the history of those who you have a financial association with (for example your spouse).

Now, back to this new service. It spiders the web and social networking sites for information on you and alerts you when some is found. As far as this goes, this is okay., but….

If the spider finds your Facebook profile, for example, it then has a list of your “friends”. This is where it begins to get worrying. Now Experian has a list of your friends and they can link you to people you associate with. They can identify your friends’ credit file within their system. By doing this, they can begin to build a set of data which goes beyond your financial associations. By using this sort of profiling, Experian could base your credit score not just on your history but on the history of everyone you associate with on-line. They could also base your credit score on social trends or even the type of jobs your friends hold or their background and lifestyle choices.

Facebook is not the only example. Using sites such as Linkedin they could gather significant information about your business contacts and employment history and use this data too. What about your travel habits from Tripadvisor or your sexual preferences or relationship history from dating sites?

This type of profiling is neither right nor fair. It is a massive breach of your privacy. It is unfair to you and to everyone you associate with.

Now, at this point, it must be said, I have no evidence that Experian are actually doing this with the data at this point in time. However, simply the fact that they can is worrying enough.

I have read Experian’s privacy policy and they are careful not to confirm or deny exactly what information they gather. They do however confirm that they may use data they gather for the purpose of generating credit scores and that they may share this data with their subscriber companies and their sister companies. They also state that they may transfer your data outside of the UK. In many countries, personal data is not protected. As soon as it’s transferred outside of the UK it’s just data.It’s also interesting to note that the link to the Privacy Policy in the email Experian sent is a unique link, which means they’re tracking how many people click this link and actually read the privacy policy. I wonder why?

Worried yet? You should be. Wondering what you can do? There are two things you can do now:

  1. Log in to Credit Expert and opt out of this “service”.
  2. Write to Experian and ask them what they are doing with your data and make a complaint that this “service” was applied to your account automatically, not as an opt-in service.

My next step will be to write to to Experian requesting clarfication on what they are using this data for. Watch this space!