EURIM Personal Identity Forum Data Sharing 28 th October 2004

Consumer Credit Grantor Applies for credit & gives consent Credit Application

Consent For the credit provider to access the individual’s credit data For the credit provider to access the individual’s credit data To record a search and allow others to subsequently see the search To record a search and allow others to subsequently see the search If credit is granted / accepted to allow the credit provider to provide a monthly update on the conduct of the account If credit is granted / accepted to allow the credit provider to provide a monthly update on the conduct of the account

Consumer Credit Grantor Credit Reference Agency Requests access to data Validates the requestor Registers a search Authenticates the identity of applicant Data Requests Validated

Consumer Credit Grantor Credit Reference Agency Registers a search Experian SMS message confirming enquiry Consumer Notified

Consumer Credit Grantor Credit Reference Agency Registers a search Other Credit Grantors Subsequent access to previous searches Experian SMS message confirming enquiry Consumer Notified

Consumer Credit Grantor Credit Reference Agency Credit offered or declined Data returned Application processed & terms of business offered Appropriate data assembled Level of data access rights checked Type of transaction checked Data Processed

Reciprocity & Compliance “Only get out what you put in” “Only get out what you put in” Default level Default level ‘Bank’ level ‘Bank’ level Full data Full data Data can only be used for pre-defined purposes Data can only be used for pre-defined purposes  Authentication - no financials

Consumer Credit Grantor Credit Reference Agency Credit offer taken up Conduct of account & changes to details refreshed monthly Account set up Credit data updated Fraud data Account Set Up

Consumer Credit Grantor Credit Reference Agency Tokens - Credit Card, ATM card, CGC ID & Password Account set up Facilities Issued

Consumer Credit Grantor Credit Reference Agency Request for copy of credit file Copy of credit file returned Authenticates the identity of applicant Credit File Request

Consumer Credit Grantor Credit Reference Agency Consumer advised to contact credit grantor Consumer disputes data on credit file Experian annotates data to indicate it is in dispute Dispute resolution

Consumer Credit Grantor Credit Reference Agency Data dispute resolved & changes to data advised Experian updates data Investigates complaint Consumer contacts credit grantor Dispute resolution

Access to data is based upon consent Access to data is based upon consent Consumer authenticated using electronic data Consumer authenticated using electronic data Organisation requesting data is validated Organisation requesting data is validated Organisation’s level of data access determined Organisation’s level of data access determined Consumer notified of the search on their credit data Consumer notified of the search on their credit data Data assembled and returned to the organisation Data assembled and returned to the organisation Data updated frequently by the data providers Data updated frequently by the data providers Consumer has access rights to their data Consumer has access rights to their data Disputed data ‘suspended’ pending correction Disputed data ‘suspended’ pending correction Summary

OIC OIC FSA FSA Standing Committee On Reciprocity Standing Committee On Reciprocity DPA DPA Consumer Credit Act Consumer Credit Act Proceeds of Crime Act Proceeds of Crime Act Representation of the People Act Representation of the People Act Controlling Factors

Historic Issues - Financial Services Disparate products (and data) Disparate products (and data) Fear (of losing market lead etc.) Fear (of losing market lead etc.) Data quality of source data Data quality of source data Data Protection Data Protection  consent going forward  retrospective consent Emerging new uses of the data Emerging new uses of the data Ability to target the individual accurately Ability to target the individual accurately Vision of member (protective / progressive) Vision of member (protective / progressive)

Drivers - Financial Services Reduce fraud & credit risk losses Reduce fraud & credit risk losses Drive for efficiencies Drive for efficiencies Adding to a pot of data already created Adding to a pot of data already created Ease of access through existing channels Ease of access through existing channels Economies of scale - bigger / more accessible pot Economies of scale - bigger / more accessible pot No risk to the contributors No risk to the contributors  contributing the data  developing the mechanism  on-going operation

Drivers - Financial Services Consistency within the shared data Consistency within the shared data Increased data quality - accuracy / timeliness Increased data quality - accuracy / timeliness Targeting the right people re: eligibility Targeting the right people re: eligibility Improvements to customer service Improvements to customer service  time & cost to process applications  elapsed time Need to proactively identify people at risk Need to proactively identify people at risk  over commitment

The Solution Membership Membership Governance - Principles of Reciprocity Governance - Principles of Reciprocity Quality Standards Quality Standards Third Party Data (TPD) Agreements Third Party Data (TPD) Agreements Schedules Schedules Infrastructure Infrastructure Legislation - CCA, ROPA, DPA Legislation - CCA, ROPA, DPA Codes of conduct - DMA, FLA Codes of conduct - DMA, FLA Close interaction with regulators - ICO, DTI Close interaction with regulators - ICO, DTI

The Solution Outsourced to a third party Outsourced to a third party Commercial contracts Commercial contracts No charges to members supplying data No charges to members supplying data Charges for use of data Charges for use of data Auditable unique reference no. for each enquiry Auditable unique reference no. for each enquiry

The Solution Scaleable solution - volumes, response times, data types Scaleable solution - volumes, response times, data types Central point of expertise & ‘even-handedness’ Central point of expertise & ‘even-handedness’ Eligibility Eligibility  access to data  levels of data vs. level of membership  level of data linked to type of transaction Delivery channels Delivery channels Additional data pots e.g. Electoral Roll Additional data pots e.g. Electoral Roll

The Solution Add in ‘own’ or partner ring-fenced data Add in ‘own’ or partner ring-fenced data Added intelligence - interpretation of the data Added intelligence - interpretation of the data Added value - e.g. credit scoring Added value - e.g. credit scoring Consumer Help Service infrastructure Consumer Help Service infrastructure  handling 1.2 million requests per year  subject access within tighter SLAs  deflects access requests away from member

Drivers - Government Public Demand Public Demand Efficiency Review Gershon Efficiency Review Gershon Consequences of not moving forward - Bichard Consequences of not moving forward - Bichard Expectations rising re: service provision Expectations rising re: service provision Mobility, remoteness, data assets - increasing Mobility, remoteness, data assets - increasing Individuals more aware of ID fraud Individuals more aware of ID fraud Individuals want their ID to be protected Individuals want their ID to be protected Need to proactively identify individuals’ needs Need to proactively identify individuals’ needs Changing attitudes - “ID fraud is ok” Changing attitudes - “ID fraud is ok”

Differences DWP has ‘pay on demand’ ethos DWP has ‘pay on demand’ ethos  people in need  no time to review before payment Constrained by embedded policies, procedures & rules Constrained by embedded policies, procedures & rules Freedom of Information Act hits public sector harder - need to provide subject access Freedom of Information Act hits public sector harder - need to provide subject access More scope to give themselves legislative power e.g. SSFA More scope to give themselves legislative power e.g. SSFA Motivation? Motivation?