How do credit reference agencies keep my data safe?

Data breaches and hacking scandals in the news constantly remind us about the importance of keeping our personal information safe. Consequently, the idea that credit reference agencies hold several years of your financial history can be unnerving. Nevertheless, credit reference agencies (CRAs) have a lot of measures in place to your data safe. To help put your mind at ease, this blog will answer the questions you may have about the way CRAs protect your data.

What data is held?

CRAs collect information from publicly available records, such as:

  • Court judgements made against you
  • Past addresses
  • Electoral roll information

They also may have data sent to them by different organisations who can provide CRAs with information on how much you owe and your repayment history. This includes:

  • Banks and building societies
  • Utility companies
  • Mobile phone operators
  • Social housing providers

What measures are in place?

Data Protection Act 1998 (DPA)

All of your personal information held by Noddle is used strictly in accordance with the DPA and our Privacy Policy. The DPA is a law designed to protect personal data that’s stored on computers or in an organised paper filing system, and it controls how your personal information is used by organisations, businesses, or the government. The General Data Protection Regulation (GDPR) will be replacing the DPA in May 2018 and is intended to strengthen and unify data protection for all people in the European Union. The UK will still implement GDPR despite Brexit.

The Information Commissioner’s Office (ICO) is the regulator that enforces the DPA, if Noddle were to experience a data breach or use your data incorrectly, we could be fined severely by the ICO. The ICO is responsible for regulating the DPA and the processing of personal data. It reports directly to Parliament and is sponsored by the Department for Culture, Media and Sport.

Financial Conduct Authority (FCA) regulation

Noddle and Callcredit (Noddle’s parent company) are regulated by the FCA. The FCA is a regulator of financial services firms and financial markets in the UK, making sure the markets are honest and effective so that consumers get a fair deal. Being regulated by the FCA means that we have to show that our businesses are financially sound and well controlled, that our processes and operating systems are robust, that we hold customer data securely and use it legitimately and in support of fair outcomes for consumers.

Staff training

At Noddle and Callcredit we also have rigorous internal processes, which include regular training for our staff on the ins and outs of FCA regulation and the DPA to make sure that your data is never exposed to anyone who shouldn’t have access to it.

How long is the data stored for?

The DPA states that an organisation should not keep personal data for any longer than is necessary, as data ages over time it becomes less useful to lenders as a way to predict your current level of creditworthiness.

Can I stop CRAs from holding my data?

CRAs can hold and supply information under the DPA.  Your credit report information is stored by us to enable lenders to assess your creditworthiness before approving you for a loan or another form of credit. If we didn’t hold this information when it came time for you to apply for credit you would experience a slower process because you’d need to provide the evidence yourself and then it would have to be manually validated.

If you want to see exactly what information Noddle holds on you, you can sign up for your free-for-life credit report by visiting