Anyone else SARN'd Experian? : LUSENET : Repossession : One Thread

Hi Forum,

I managed to successfully SARN Experian! It took a few goes and a couple of months. Cost 10. But I wonder whether they have sent me the full works? My suspicions are aroused by the fact that some documents were included twice (perhaps to cover the "accidental" omission of others?). Anyway, what I received were three items: 1 A copy of the regular credit report search as is normally supplied for a 2 fee under S7 of the DPA; 2 A copy of the correspondence surrounding the SAR application (two letters from me to them and two from them to me); 3 A single-paged A4 document entitled "Marketing Services Division, Subject Access Request- Data Protection Act". This contained data fields for: name & address; and data under the following source headings: Electoral Roll, Shareholder, Director, Lifestyle, and Client Contact (most of which "revealed no matching information").

Please does anyone else have experience or knowledge of whether Experian might have held back anything? (esp. since they have a "tenant verifier" and "candidate verifier" site); and how about that "consumer survey" that I completed and returned to one of their subsiduries some months ago? Surely there must be more eg monthly reports from my creditors, GAIN, CIFAS etc.

Any replies as to what else I might have expected to receive from EXPERIAN would be greatly appreciated.


FOOTNOTE: For the record, EQUIFAX still treat a SAR notice as though it was a 2 credit record, keep your tenner, and ignore all further correspondence. It's time to personally deliver a letter of complaint to the nearest director's home!

-- Daarius De La Ronde (, September 23, 2002


Sorry to disapoint you but...

Section 9(2) of the DPA allows a credit reference agency to respond to a SARN request with only a statement about your credit standing. No data has to be supplied unless you state that section 9(2) of the DPA does not apply to this SARN request.

DPA 9.

(1) Where the data controller is a credit reference agency, section 7 has effect subject to the provisions of this section. (2) An individual making a request under section 7 may limit his request to personal data relevant to his financial standing, and shall be taken to have so limited his request unless the request shows a contrary intention. (3) Where the data controller receives a request under section 7 in a case where personal data of which the individual making the request is the data subject are being processed by or on behalf of the data controller, the obligation to supply information under that section includes an obligation to give the individual making the request a statement, in such form as may be prescribed by the Secretary of State by regulations, of the individual's rights- (a) under section 159 of the Consumer Credit Act 1974 , and (b) to the extent required by the prescribed form, under this Act.


Experian, Equifax, and MCL are not required to send you anything else apart from a single sentence concerning your character. They will all send you copies of credit reports, some other assorted bumf, but these are just being thrown in to bulk up the response. The only bit of their SARN response that is actually required is the single sentence about you.

You will note this sentence in the letter that came with their reponse, something along the lines of "There are no adverse comments in your personal data held by us"

They may have treated your SARN as you intended, but without the staement that 9(2) does not apply, you have no way of knowing.

Send them a letter immediatly, saying that section 9(2) of the DPA did not apply to your recent SARN request, you require ALL data held against your name.

Good Luck.

-- Harry (, September 24, 2002.

Thank-you for your reply Harry. I think I managed to exclude the limitation under S9(2). In theory, at least! My initial request to Experian read (relevant extract): "Under the Subject access rights granted to me by S7 of the DPA I would be grateful if you would forward to me details of all information you keep on me that falls within the terms of the Act (to include manual and backup/archive records now that the Act is in its second transitional period). Kindly note that this request is for ALL information held concerning me in ALL areas of your business; and NOT subject to any limitation under S9 of the DPA (which would otherwise serve to restrict the request to personal data relevant to my financial standing)." That apparently hit the spot, as the reply I received (from a Consumer compliance Officer at the Directors' Office) read: "I note that you have requested a copy of all the information which Experian may hold in your name. I can inform you that should you wish to obtain a copy of your data subject access request, you should make your application in writing and enclose the fee of 10. We have 40 days upon receipt of your application to provide you with such a request." (for the record my request HAD been in writing; but rather than enclose the 10 max fee I had followed the "unable to establish your charges but will forward the amount if you notify me" approach).

Any how, upon my compliance ie re-presenting the request to Experian, again in writing, this time enclosing the 10 fee, I received the three sets of documents (as listed in my initial post in this thread) accompanied by a letter from the (same) consumer compliance officer which said simply: "Further to our recent correspondence, please find your Data Subject Access Request duly enclosed".

So there you have it! Experian certainly appear to have accepted that S9(2)of the DPA did not apply ie that this was a 10 application and not a 2. For anyone still with this, my problem is that I expected a lot more than the three items I received (listed at my initial post in this thread). After reading your post Harry, I examined my second letter to Experian (the one accompanying the 10 fee) but can see no obvious oversights on my part that might have allowed Experian off the hook (essentially the second letter was identical to my first, save that it referred to the 10 enclosure and the earlier correspondence). But I remain suspicious that Experian have not enclosed the FULL data they hold on me: has anyone please got any ideas what else they might have sent?

-- Darius De La Ronde (, September 24, 2002.

Glad that you applied the 9(2) stipulation, jolly good.

It's interesting that when you serve a SARN on a lenders, such as Halifax or Abbey National, they state/imply/infer that the information held at credit reference agencies is owned by the credit reference agencies.

But when you serve a SARN on the credit reference agencies they maintain that the data is owned by their members, the lenders.

This situation is even worse when it comes to CIFAS. CIFAS do not even have a DPA registration, and they will not even respond toi your SARN.

Data, I see no data, what data? Where?

Good Luck.

-- Harry (, September 24, 2002.

Ahha! Now you're becoming as mistrustful of credit ref agencies as I, Harry! Experian overtly run with the both the proverbial hounds and hare where, in the Q&A section of their website, they assure us poor sods, their data subjects, that credit decisions are taken by lenders and not by Experian; whereas in the section of their site pitching to their corporate customers Experian repeatedly hype their credit- scoring system. Even worse on their tenant verifier site, where it seems that people outside of the financial industry (eg letting- agents who are not part of the credit industry's reciprocal information-sharing scheme)who strictly are not entitled to view non- public data (such as our financial details) are fed such info covertly via a (financial) risk-rating score. For the benefit of any really dumb landlords who might be unable to decipher their prospective tenant's coded score, an "accept" or "reject" decision is displayed - so it seems that if as Experian would have us believe "all decisions are made by the lenders", that this is so only after "lenders" are told what decision they should make by Experian's coded scores or accept/reject advices.

I digress. So far as my SARN on Experian is concerned, I was rather hoping that they, Experian, might regard themselves as data PROCESSORS (the Act's buzz-wording?) - After all, the data Experian would supply with a standard (ie restricted by S9 of DPA) 2 application is "owned" by their "members". My problem is Experian have remained silent on the subject of what is included/excluded in my 10 SARN, and so I simply do not have any rhyme or reason on which to obtain a foothold.

Nevertheless I take careful note of what you say Harry: you appear to share my view that Experian are more cunning than a roomful of Blackadders. I too suspect they have short-changed me, and my starting point has to be to establish just what data they MIGHT have sent in response to my SARN (any ideas welcome). Only then, armed with a list of omissions, shall I be able to chase Experian for supplements.


-- Darius De La Ronde (, September 24, 2002.

Moderation questions? read the FAQ