Credit ratings agencies’ cock-up

Credit rating agencies play an important role in the field of consumer credit. A whole section of reported court cases concerned the potential impact on successful claimants of their records remaining unchanged in relation to a debt which was outstanding but unenforceable.

Under the Data Protection Act 1998 credit rating agencies are subject to the principal that all data is accurate and kept up to date. If that principle is breached compensation may be payable if the data holder – in this case the credit rating agency – cannot prove it took reasonable steps to ensure the accuracy of the data in question.

In a claim brought a claim against Equifax Plc., one of the main credit rating agencies, a litigant in person brought a claim on the basis that they had incorrectly recorded him as being subject to a bankruptcy order between 2001 and 2002 when an order that had been made was the subject of a stay and between 2002 and 2006 when the order had been rescinded. During that time this man had applied for and been refused credit following checks made on his Equifax file. He relied both on breach of statutory duty under the Data Protection Act 1988 but also negligence.

The issues for the court were whether there had been a breach of the DPA, whether Equifax had taken all reasonable steps to ensure their records were correct, whether it owed any duty t in negligence, and whether the man could show that any breaches established against had caused him loss.

There was no doubt that the information held by Equifax was incorrect. However the company maintained that there was nothing more they could practically do to avoid the record incorrectly reflecting the bankruptcy. They stated that there were about 400,000 bankruptcies on their files at any one time. The judge decided that Equifax had not taken reasonable steps to maintain the accuracy of the record. This is an important step forward for consumers where the credit rating agencies have cocked up.

The practical effect of a finding of breach of statutory duty and a breach of the duty of care in negligence is limited but may have some impact on the level of damages. The judge held that the agency’s obligation under the Data Protection Act 1988 was both an onerous one and a positive duty. It was not enough to sit back and let consumers do the work for them.