On September 30, the UK Information Commissioner's Office (ICO) published a review of the manner in which personal data is processed by credit reference agencies (CRAs).

Although the report focuses on CRAs, the ICO states that the issues highlighted are equally relevant to other organizations processing large amounts of personal data and to lenders who share information with CRAs.

The report identified certain areas that could be improved, including implementing a process to remind organizations supplying data to CRAs of their obligations under the Data Protection Act 1998, and a system to ensure that all CRAs' clients are audited at least once a year.

The appendices to the report provide advice for firms relating to each of the topics covered by the report including training, staff awareness, data sharing, monitoring and reporting issues and information risk management. Report.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.