Feeds

Storing punters' till receipts? UK.gov wants you to hand it over

Businesses may have to cough up transaction records

Internet Security Threat Report 2014

Businesses that electronically store personal data about consumers may be required to make some of that information available to those individuals "in a machine readable format" if plans under consideration by the government are followed through.

The Department for Business, Innovation and Skills (BIS) is consulting on whether to legislate to make it a requirement for companies to provide individuals with electronic, machine-readable copies of "historic transaction data" they hold when those individuals request it.

Introducing such a requirement would build on the voluntary 'midata' programme to which some major companies are currently signed up. It would also expand on existing personal data access rights individuals have under the Data Protection Act, BIS said.

"The midata programme has shown how consumer empowerment through data release can operate," BIS said in its consultation document (28-page/483KB PDF). "Progress has been made on establishing a vision and principles. We understand better the current consumer and business perceptions and the need for safeguards when consumers use their data. And we have started to see data made available."

"This initial promise has convinced the government that more should be done to unlock the benefits of this data revolution. That is why we are consulting on the possibility of taking an order making power. If utilised, this will compel suppliers of services and goods to provide to their customers, upon request, historic transaction data in a machine readable format. The requirement would only apply to businesses that already hold individuals data electronically," it added.

"Our view is that the requirement: would only relate to transaction data relating to a consumer’s purchase/consumption of products and services from that supplier; would only cover factual information, for example what a consumer bought, where they bought it, how much they paid for it etc.; would not cover any subsequent analysis that the data holder has undertaken on the information; would only apply to businesses that already hold this information electronically and it will only have to be released if requested by consumers. Businesses would not be required to collect any new information," according to BIS' proposal.

Last year BIS announced that 19 major brands, including Google, Royal Bank of Scotland, British Gas and Visa, had all signed up to the voluntary 'midata' scheme. The scheme requires those signed up to provide consumers with "increasing access to their personal data in a portable, electronic format," the Department said at the time.

BIS now plans to make it mandatory for all businesses storing "historic transaction data" electronically to provide it in a machine readable form upon request. Legislation to that effect would only come into force following an order by the Business Secretary, the Department has proposed.

Currently individuals have the right to request that organisations grant them access to the personal data they store about them under the Data Protection Act. However, organisations are only obliged to provide the individuals with the information in "an intelligible form". In contrast BIS said that, under its new proposals, "historic transaction data" would be provided in a "commonly used open standard format".

BIS said that it expects a new market in "personal data management" would spawn from the introduction of its proposed new requirement. Such services are likely to include those that "help individuals understand their own consumption behaviours and patterns and help them change them for the better," it said.

Other services that "combine personal and other data from a range of different sources for use by the individual and by organisations to offer new goods and services" or "use an individual’s data to help them make more informed purchasing decisions," could also be offered by companies, BIS added.

"The government is convinced that midata has real potential to help consumers, business and the UK economy," BIS said. "For this reason, the government would like to see even faster progress over the coming year and has therefore decided to seek views on providing a legislative underpinning for the midata’s vision."

The consultation on BIS' proposal is open until 10 September.

Under proposed reforms to EU data protection laws, consumers would have a right to switch electronically processed personal data from a firm to its rival through a "commonly used" electronic format.

However, UK businesses have complained that those 'data portability' rules do not allow for organisations to protect their trade secrets and intellectual property rights and that the cost of changing systems in order to comply with such a requirement could be as much as £5m, with those costs probably being passed on to consumers.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Providing a secure and efficient Helpdesk

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.