In December 2008 a group of credit card issuers increased the information they share with each other to include so-called "behavioural" account data for the first time.

It is hoped that this will assist lenders to predict which customers, or prospective customers, are at greater risk of over-indebtedness and to support responsible lending by preventing "credit crises" on an individual scale.

What Will Be Shared and Why?

Credit information routinely shared by lenders in the past was reportedly of limited value in predicting a customer’s ability to manage debt if they were impacted by a life change, such as the loss of a job. The current theory is that certain behaviour could tend to indicate that a person is at risk of becoming over-indebted. Agreement has now been reached on a set of industry-wide trigger points based on "behavioural" data; these include:

  • the amount of the customer’s last card repayment and whether it was equivalent to the minimum payment requested;
  • the number and value of cash advances on the card;  
  • changes to credit limits; and  
  • whether there is a promotional interest rate in place (which might be the reason why only a minimum payment is being made, as opposed to a lack of funds).  

The new data sharing initiative is the result of a substantial three year industry project led by APACS (the UK payments association). Rather than being a radical change, APACS see this as an enhancement to the reciprocal data sharing arrangements which have existed for years via the credit reference agencies (CRAs), Experian, Equifax and Callcredit serving the largest credit industry market in the EU.

Who Is Involved? Who Will be Affected?

Initially just five members of APACS are participating: Barclaycard, Capital One, GE Money, HBOS and MBNA. A wider take up is expected during the year from other members.

Only new customers are affected; they will be informed in the product terms and conditions about the types of data to be shared and the purpose. APACS has also produced an updated leaflet for consumers, entitled "Your Credit Record" which explains that, for example, information about the frequency of cash withdrawals could be shared with other lenders.

How Can the Data Be Used?

It was suggested in some quarters that more extensive data sharing might lead to aggressive marketing and lending by companies specialising in lending to already indebted individuals. However, the industry already has its own sectoral rules (the Principles of Reciprocity produced by "SCOR" or the Steering Committee on Reciprocity) which prevent information obtained from the CRAs from being used for direct marketing. The Principles permit data to be shared only for the prevention of over-commitment, bad debt, fraud and money laundering, and to support debt recovery and debtor tracing, with the aim of promoting responsible lending.

Lenders participating in the behavioural data sharing initiative must, of course, also comply with the Data Protection Act 1998 and, in particular, (a) the requirement to inform individuals about how their data will be used and (b) the rule that personal data obtained for specific purposes cannot be used subsequently in an incompatible way. These requirements go a long way to explain why the initiative applies to new credit card accounts only: in order to extend this regime to include existing credit card accounts would be likely to need either consent from account holders or a change in the law.

A Move Towards "Retrospective" Data Sharing?

A separate, though similar, area where legislative change is being considered is in relation to removing barriers to lenders sharing data on 40 million, mostly pre-1998 credit accounts, where customers were not informed that sharing would occur (so-called "non-consensual account data"). Following a public consultation exercise, an expert working group (including representatives from the Information Commissioner's Office) was appointed by the Department for Business Enterprise & Regulatory Reform. The group is due to report its recommendations to ministers in the next few months.

If legislation was implemented to facilitate the sharing of the non-consensual account data, then it could be seen as a logical progression to consider legislation extending behavioural data sharing to include pre-December 2008 credit card accounts. However, so far as sharing personal data is concerned, there is a significant brake, more fundamental even than the Data Protection Act: data sharing must be compatible with the right to respect for private and family life enshrined in Article 8 of the European Convention on Human Rights.