Feeds

Storing punters' till receipts? UK.gov wants you to hand it over

Businesses may have to cough up transaction records

Providing a secure and efficient Helpdesk

Businesses that electronically store personal data about consumers may be required to make some of that information available to those individuals "in a machine readable format" if plans under consideration by the government are followed through.

The Department for Business, Innovation and Skills (BIS) is consulting on whether to legislate to make it a requirement for companies to provide individuals with electronic, machine-readable copies of "historic transaction data" they hold when those individuals request it.

Introducing such a requirement would build on the voluntary 'midata' programme to which some major companies are currently signed up. It would also expand on existing personal data access rights individuals have under the Data Protection Act, BIS said.

"The midata programme has shown how consumer empowerment through data release can operate," BIS said in its consultation document (28-page/483KB PDF). "Progress has been made on establishing a vision and principles. We understand better the current consumer and business perceptions and the need for safeguards when consumers use their data. And we have started to see data made available."

"This initial promise has convinced the government that more should be done to unlock the benefits of this data revolution. That is why we are consulting on the possibility of taking an order making power. If utilised, this will compel suppliers of services and goods to provide to their customers, upon request, historic transaction data in a machine readable format. The requirement would only apply to businesses that already hold individuals data electronically," it added.

"Our view is that the requirement: would only relate to transaction data relating to a consumer’s purchase/consumption of products and services from that supplier; would only cover factual information, for example what a consumer bought, where they bought it, how much they paid for it etc.; would not cover any subsequent analysis that the data holder has undertaken on the information; would only apply to businesses that already hold this information electronically and it will only have to be released if requested by consumers. Businesses would not be required to collect any new information," according to BIS' proposal.

Last year BIS announced that 19 major brands, including Google, Royal Bank of Scotland, British Gas and Visa, had all signed up to the voluntary 'midata' scheme. The scheme requires those signed up to provide consumers with "increasing access to their personal data in a portable, electronic format," the Department said at the time.

BIS now plans to make it mandatory for all businesses storing "historic transaction data" electronically to provide it in a machine readable form upon request. Legislation to that effect would only come into force following an order by the Business Secretary, the Department has proposed.

Currently individuals have the right to request that organisations grant them access to the personal data they store about them under the Data Protection Act. However, organisations are only obliged to provide the individuals with the information in "an intelligible form". In contrast BIS said that, under its new proposals, "historic transaction data" would be provided in a "commonly used open standard format".

BIS said that it expects a new market in "personal data management" would spawn from the introduction of its proposed new requirement. Such services are likely to include those that "help individuals understand their own consumption behaviours and patterns and help them change them for the better," it said.

Other services that "combine personal and other data from a range of different sources for use by the individual and by organisations to offer new goods and services" or "use an individual’s data to help them make more informed purchasing decisions," could also be offered by companies, BIS added.

"The government is convinced that midata has real potential to help consumers, business and the UK economy," BIS said. "For this reason, the government would like to see even faster progress over the coming year and has therefore decided to seek views on providing a legislative underpinning for the midata’s vision."

The consultation on BIS' proposal is open until 10 September.

Under proposed reforms to EU data protection laws, consumers would have a right to switch electronically processed personal data from a firm to its rival through a "commonly used" electronic format.

However, UK businesses have complained that those 'data portability' rules do not allow for organisations to protect their trade secrets and intellectual property rights and that the cost of changing systems in order to comply with such a requirement could be as much as £5m, with those costs probably being passed on to consumers.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Providing a secure and efficient Helpdesk

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.