Stefaans Brmmer
Credit bureaus those hawkers of information on you and your creditworthiness are pushing for a new code of conduct that, critics charge, will allow them to store private details such as your political affiliation, mental state and sexual preference.
The credit industry says the majority of consumer items are bought on credit. Credit bureaus such as the Information Trust Corporation, Experian and Kreditinform perform an indispensable service to their subscribers retailers, banks and other grantors of credit by com- piling and circulating “profiles” on individuals and companies. These profiles are used to assess whether the person or entity is worthy of credit.
Credit bureaus are powerful. The information they hold can determine whether your application for a cellphone contract or a home loan is successful; even if you can buy a television set on credit.
Recognition of this power has meant that in recent years more safeguards have been built into the way credit bureaus do business. Individuals can get access to the data that credit bureaus hold on them and challenge its accuracy.
A code of conduct, agreed between the Credit Bureau Association (CBA) and the Business Practices Committee of the Department of Trade and Industry, provides this and other safeguards.
But the latest version of this code, not yet formalised as it is awaiting approval from the department, seems to give some scope to credit bureaus to collect information way beyond that required to determine your creditworthiness.
Credit bureaus typically collect the following information on individuals: sequestrations, debt judgements, current accounts and bad accounts. Personal details collected include full names, identity number, address and contact numbers, and marital and employment details.
The latest code adds a new category, which it calls “sensitive data” and includes race, ethnicity, political opinion, religious and other beliefs, trade union membership, physical and mental health, sexual orientation and offences committed or alleged to have been committed.
The proposed code says these details will “not normally be required in a database”, but this data may be processed by credit bureaus if certain conditions are met. The conditions include where the person profiled has consented or where the recording of the information is “essential to protect the interests of a person and consent cannot reasonably be obtained”.
A further exception allowed by the code, in somewhat ambiguous language, is where the informa- tion is “processed” by a non-profit organisation, which “exists legitimately for purposes relating to the sensitive data, such as a political party, a trade union or a church, and where the data relates to its membership”.
Not good enough, charges the National Consumer Forum, an umbrella body representing more than 30 consumer organisations. In a position paper released this week it criticises the CBA for failing to consult with bodies other than the Department of Trade and Industry in drawing up the new code, and for what it calls the “problem of self-regulation”.
But “perhaps the most problematic area of the code”, says the consumer body, is that it allows bureaus to hold and communicate sensitive data to clients.
“Access to this type of information could have disastrous social implications. Some employers and potential employers may discriminate against those belonging to political parties other than their own, unionised employees or potential employees and people with sexual orientations other than their own.
“This is an attempt to consolidate the private intelligence industry and as such threatens the privacy of individual consumers, their standard of living and even their security. The enlargement of the industry’s role contradicts the core mandate of the industry, that is, gathering credit information.”
How could credit bureaus obtain sensitive information? Information already collected comes mainly from the bureaus’ subscribers banks, retailers and the like who report back on your payment performance once they have extended credit to you.
Potentially a wealth of sensitive information may be accessible from, for example, medical aid and Internet service providers, who are also credit bureau subscribers and who may share their data with the bureaus. The question is whether South African privacy laws and codes are strong enough to prevent this kind of trade.
Elke Kraus, executive director of the CBA, this week said the new code, while a “marked improvement” on previous versions, is still subject to debate. She said the section on sensitive data had been taken straight from British legislation, which was “conservative”. The intention was that sensitive data could be stored only in exceptional circumstances and only if in the interest of the consumer.
Said Kraus: “It’s our first draft. We gave it to the Department of Trade and Industry and said ‘please look at it and give us your comments’. It was drafted by us, but we don’t have the last say.”
She said an example where the processing of sensitive information may become necessary includes race, which was previously not recorded. But since there have been allegations of discrimination against blacks in the granting of credit, the government may require that race be recorded to study the veracity of that allegation.
Kraus also said the voters’ roll had been made available to credit bureaus, but that the bureaus had not given that data to anybody. She could, however, conceive of a future situation where the government might want the credit bureaus to use that data in order to help update the roll.