Feeds

Storing punters' till receipts? UK.gov wants you to hand it over

Businesses may have to cough up transaction records

Seven Steps to Software Security

Businesses that electronically store personal data about consumers may be required to make some of that information available to those individuals "in a machine readable format" if plans under consideration by the government are followed through.

The Department for Business, Innovation and Skills (BIS) is consulting on whether to legislate to make it a requirement for companies to provide individuals with electronic, machine-readable copies of "historic transaction data" they hold when those individuals request it.

Introducing such a requirement would build on the voluntary 'midata' programme to which some major companies are currently signed up. It would also expand on existing personal data access rights individuals have under the Data Protection Act, BIS said.

"The midata programme has shown how consumer empowerment through data release can operate," BIS said in its consultation document (28-page/483KB PDF). "Progress has been made on establishing a vision and principles. We understand better the current consumer and business perceptions and the need for safeguards when consumers use their data. And we have started to see data made available."

"This initial promise has convinced the government that more should be done to unlock the benefits of this data revolution. That is why we are consulting on the possibility of taking an order making power. If utilised, this will compel suppliers of services and goods to provide to their customers, upon request, historic transaction data in a machine readable format. The requirement would only apply to businesses that already hold individuals data electronically," it added.

"Our view is that the requirement: would only relate to transaction data relating to a consumer’s purchase/consumption of products and services from that supplier; would only cover factual information, for example what a consumer bought, where they bought it, how much they paid for it etc.; would not cover any subsequent analysis that the data holder has undertaken on the information; would only apply to businesses that already hold this information electronically and it will only have to be released if requested by consumers. Businesses would not be required to collect any new information," according to BIS' proposal.

Last year BIS announced that 19 major brands, including Google, Royal Bank of Scotland, British Gas and Visa, had all signed up to the voluntary 'midata' scheme. The scheme requires those signed up to provide consumers with "increasing access to their personal data in a portable, electronic format," the Department said at the time.

BIS now plans to make it mandatory for all businesses storing "historic transaction data" electronically to provide it in a machine readable form upon request. Legislation to that effect would only come into force following an order by the Business Secretary, the Department has proposed.

Currently individuals have the right to request that organisations grant them access to the personal data they store about them under the Data Protection Act. However, organisations are only obliged to provide the individuals with the information in "an intelligible form". In contrast BIS said that, under its new proposals, "historic transaction data" would be provided in a "commonly used open standard format".

BIS said that it expects a new market in "personal data management" would spawn from the introduction of its proposed new requirement. Such services are likely to include those that "help individuals understand their own consumption behaviours and patterns and help them change them for the better," it said.

Other services that "combine personal and other data from a range of different sources for use by the individual and by organisations to offer new goods and services" or "use an individual’s data to help them make more informed purchasing decisions," could also be offered by companies, BIS added.

"The government is convinced that midata has real potential to help consumers, business and the UK economy," BIS said. "For this reason, the government would like to see even faster progress over the coming year and has therefore decided to seek views on providing a legislative underpinning for the midata’s vision."

The consultation on BIS' proposal is open until 10 September.

Under proposed reforms to EU data protection laws, consumers would have a right to switch electronically processed personal data from a firm to its rival through a "commonly used" electronic format.

However, UK businesses have complained that those 'data portability' rules do not allow for organisations to protect their trade secrets and intellectual property rights and that the cost of changing systems in order to comply with such a requirement could be as much as £5m, with those costs probably being passed on to consumers.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Boost IT visibility and business value

More from The Register

next story
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.