Broker running credit searches against my wishes...

grey_gym_sock

centralizing data unnecessarily is very poor for security. that's what security researchers say, though the government often ignores them. it might be harder to break into centralized records at the FSA than into a single IFA's records, but it would be worth the "bad guys" putting a lot more effort into it, because they'd get a huge reward of useful info for committing frauds. also, a single corrupt official at the FSA could provide anybody's records to ppl who'd pay (e.g. national newspapers - as already happens with the PNC).

alan_partridge

Crikey - I posted this before going to bed (it's 11:02am here as I type this), and didn't realise it would open a can of various worms! Thanks for all your responses.

Conrad wrote: »

I know why this broker did this. He's bitter and resentful you've managed to achieve something he could not and so he's whether 1) deliberately ruining your score or 2) just intrigued to see if he could have got you accepted.

I'd like to think it's the latter. The chap has been lovely to deal with so far, and no element of malice; we just decided to pursue other avenues as he made a few bad choices when advising us.

ILW wrote: »

Might be worth considering that OP is also considering withholding the fact that he is a bankrupt from any mortgage application on a basis of "they will probably not find out".

More to this than a dodgy broker.

I can only assume that you you have somehow come to this conclusion from my other thread, where I asked for clarification of the "6yr credit file rule". Nowhere in that thread did I say I was doing anything of the sort; as someone else in that thread said:

alastairq wrote: »

That's the sort of 'personal' question best left to the motoring board.

The OP's post and response was probably borne more out of ignorance of the subject matter than anything else........so nothing more than that should be read into things.

This is my first time applying for a mortgage, or applying for any sort of lending since I declared myself bankrupt 6 years ago. I had never heard of things such as "the london gazette" and so forth, so my posts were merely as a result of an enquiring mind.

Don't infer something and then present it as fact.

kingstreet wrote: »

Worth bearing in mind by the OP, a previous bankruptcy will be picked up by the solicitor's bankruptcy search they do close to exchange. That will be enough to have the mortgage offer withdrawn by the lender when it finds out, if not disclosed at the outset.

When we bought our current property, our solicitor's search found a bankrupt with the same name as my wife and we had to certify it wasn't the same person.

Thanks kingstreet, I didn't know that and it's exactly the sort of useful bit of information that I was looking for on my other thread.

kingstreet wrote: »

We only hold information necessary to advise someone for a mortgage. It's more or less what you put on a mortgage application, apart from the addition of a few soft-facts, "what ifs?" you might call them.

If we weren't allowed to keep this information, we'd never be able to defend any complaint made against us.

What information would you determine we shouldn't retain?

Well, that's the thing - he asked me to send him all of my bank and card details (including the 3 digit security number, etc.) in the form of an unsecured Excel spreadsheet. It wasn't even password protected. Now, I'm not for a minute suggesting that he is going to do anything dodgy with it, but I do not want such information lying around on a hard drive somewhere, or a shared folder where anyone could stumble upon it. It is this data that I was referring to, and it is that which I requested he delete.

dunstonh wrote: »

He cant remove your information and he hasnt run the credit search. If it was him then it would not say Nationwide. Somehow Nationwide have run the search and that is what you need to find out.

It was him. We had previously discussed various mortgage offers, he had said Nationwide was the best, went into great detail about their mortgage, and the check that was run was for the exact value that we had discussed. Even if Nationwide had somehow got my details and decided to run a search just for a laugh, it would be a bit of a co-incidence that it was for exactly the same amount that we had previously discussed with this mortgage broker!

Thanks a lot for all of your input; I guess I won't know what's really happened until I can ring him when I'm home (I did email last night, but got no response).

droiderm

dunstonh wrote: »

Some of the biggest data protection breaches have come from firms employing third parties to do jobs. Most common is the transferring of data from the location to the storage destination. So, under your proposal, more firms would be doing that which increases the chances of data protection breaches.

There are FSA guidelines on data protection and firms are checked on their compliance visits to make sure they are complying. That is a damned site better than most other retail industries that have to comply with data protection but dont have anyone checking on them.

I don't think citing situations of transferring data means the transfer of data has to be insecure.

droiderm

grey_gym_sock wrote: »

centralizing data unnecessarily is very poor for security. that's what security researchers say, though the government often ignores them. it might be harder to break into centralized records at the FSA than into a single IFA's records, but it would be worth the "bad guys" putting a lot more effort into it, because they'd get a huge reward of useful info for committing frauds. also, a single corrupt official at the FSA could provide anybody's records to ppl who'd pay (e.g. national newspapers - as already happens with the PNC).

I could understand a part of that argument if your talking about open electronic storage. Even then i would prefer that to an individual keeping i thousands of records. I would suggest a breach is more likely to be reported in a centralized location .
I would much prefer my records being in the equivalent of a bank. I am sure you guys would to

olly300

droiderm wrote: »

I could understand a part of that argument if your talking about open electronic storage. Even then i would prefer that to an individual keeping i thousands of records. I would suggest a breach is more likely to be reported in a centralized location .
I would much prefer my records being in the equivalent of a bank. I am sure you guys would to

Yes banks report breaches but they have many breaches daily.

olly300

alan_partridge wrote: »

Well, that's the thing - he asked me to send him all of my bank and card details (including the 3 digit security number, etc.) in the form of an unsecured Excel spreadsheet. It wasn't even password protected. Now, I'm not for a minute suggesting that he is going to do anything dodgy with it, but I do not want such information lying around on a hard drive somewhere, or a shared folder where anyone could stumble upon it. It is this data that I was referring to, and it is that which I requested he delete.
.

When you complain to someone like this use a recorded delivery letter as well.

The Information Commissioner expects you to complain this way if you need to get them involved later. That way there is no issue that the company/person you are complaining can argue they didn't get the letter and be believed.

You should also clearly state what part of the Data Protection Act you think he has breached, and tell him that you informed him on x date by email which he acknowledged on y date you asked him to stop processing your personal data.

On another note since he asked you for irrelevant personal information i.e. bank card details which are not relevant to your mortgage application, I would also phone up the FSA and have a word with them. You don't need to inform him you are doing this. (The bank card details are relevant for payment but he should make it clear when you have to pay and the amount before asking you to.)

dunstonh

I don't think citing situations of transferring data means the transfer of data has to be insecure.

Just as small firms keeping records at home or in offices doesnt mean it has to be insecure either.

I would much prefer my records being in the equivalent of a bank. I am sure you guys would to

Good God no. I dont want a bank being able to look at client records. They dont need much of an excuse to market clients now as it is.

kingstreet

I can see no reason for a request for debit or credit card numbers at the agreement in principle stage.

This data is required only at full application stage, should not be exchanged electronically and destroyed as soon as its use is over.

On this I agree with the OP and droiderm, I expect.

grey_gym_sock

droiderm wrote: »

I could understand a part of that argument if your talking about open electronic storage. Even then i would prefer that to an individual keeping i thousands of records.

what do you mean by "open"?

i am mostly thinking of electronic storage, because that is how most things are likely to be stored now, and it's more likely still if the storage is centralized. paper records are in some ways less open to abuse - somebody can't walk out of a building with millions of paper records in their pocket, and leave them on a train, etc - but are not always practical.

I would suggest a breach is more likely to be reported in a centralized location .

and more likely to be of thousands, or millions, of records.

I would much prefer my records being in the equivalent of a bank. I am sure you guys would to

records locked away in a bank vault? or on a bank's computer system? they do have very sophisticated systems, but they are also under greater attack than almost any systems, and they are not always honest about what's gone wrong.