Feeds

Storing punters' till receipts? UK.gov wants you to hand it over

Businesses may have to cough up transaction records

Remote control for virtualized desktops

Businesses that electronically store personal data about consumers may be required to make some of that information available to those individuals "in a machine readable format" if plans under consideration by the government are followed through.

The Department for Business, Innovation and Skills (BIS) is consulting on whether to legislate to make it a requirement for companies to provide individuals with electronic, machine-readable copies of "historic transaction data" they hold when those individuals request it.

Introducing such a requirement would build on the voluntary 'midata' programme to which some major companies are currently signed up. It would also expand on existing personal data access rights individuals have under the Data Protection Act, BIS said.

"The midata programme has shown how consumer empowerment through data release can operate," BIS said in its consultation document (28-page/483KB PDF). "Progress has been made on establishing a vision and principles. We understand better the current consumer and business perceptions and the need for safeguards when consumers use their data. And we have started to see data made available."

"This initial promise has convinced the government that more should be done to unlock the benefits of this data revolution. That is why we are consulting on the possibility of taking an order making power. If utilised, this will compel suppliers of services and goods to provide to their customers, upon request, historic transaction data in a machine readable format. The requirement would only apply to businesses that already hold individuals data electronically," it added.

"Our view is that the requirement: would only relate to transaction data relating to a consumer’s purchase/consumption of products and services from that supplier; would only cover factual information, for example what a consumer bought, where they bought it, how much they paid for it etc.; would not cover any subsequent analysis that the data holder has undertaken on the information; would only apply to businesses that already hold this information electronically and it will only have to be released if requested by consumers. Businesses would not be required to collect any new information," according to BIS' proposal.

Last year BIS announced that 19 major brands, including Google, Royal Bank of Scotland, British Gas and Visa, had all signed up to the voluntary 'midata' scheme. The scheme requires those signed up to provide consumers with "increasing access to their personal data in a portable, electronic format," the Department said at the time.

BIS now plans to make it mandatory for all businesses storing "historic transaction data" electronically to provide it in a machine readable form upon request. Legislation to that effect would only come into force following an order by the Business Secretary, the Department has proposed.

Currently individuals have the right to request that organisations grant them access to the personal data they store about them under the Data Protection Act. However, organisations are only obliged to provide the individuals with the information in "an intelligible form". In contrast BIS said that, under its new proposals, "historic transaction data" would be provided in a "commonly used open standard format".

BIS said that it expects a new market in "personal data management" would spawn from the introduction of its proposed new requirement. Such services are likely to include those that "help individuals understand their own consumption behaviours and patterns and help them change them for the better," it said.

Other services that "combine personal and other data from a range of different sources for use by the individual and by organisations to offer new goods and services" or "use an individual’s data to help them make more informed purchasing decisions," could also be offered by companies, BIS added.

"The government is convinced that midata has real potential to help consumers, business and the UK economy," BIS said. "For this reason, the government would like to see even faster progress over the coming year and has therefore decided to seek views on providing a legislative underpinning for the midata’s vision."

The consultation on BIS' proposal is open until 10 September.

Under proposed reforms to EU data protection laws, consumers would have a right to switch electronically processed personal data from a firm to its rival through a "commonly used" electronic format.

However, UK businesses have complained that those 'data portability' rules do not allow for organisations to protect their trade secrets and intellectual property rights and that the cost of changing systems in order to comply with such a requirement could be as much as £5m, with those costs probably being passed on to consumers.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?