Thank you for your letter of 27 July 2004 about credit data sharing. Let me start with a clear recognition of the importance of responsible lending (and responsible borrowing) and of full and fair competition.

  The second paragraph of your letter states that it has been drawn to your Committee's attention that there are certain legislative barriers to improved data sharing arising from the Data Protection legislation. I am afraid that this is a commonly held view—but it is not strictly correct. The main barrier to a wider sharing of historic data is the common law duty of confidence rather than the Data Protection Act 1998. There is though an interaction between the two. The 1998 Act requires that any processing of personal data is "lawful". A disclosure of personal information that involves a breach of the common law duty of confidence will not be lawful and will therefore also contravene Data Protection law.

  The legal advice that we have received is that banks, card issuers and other financial institutions owe a duty of confidence to their customers as regards a customer's financial standing and affairs. A disclosure of such information by a financial institution to a credit reference agency without the customer's consent potentially breaches this duty.

  There are some limited exceptions which enable disclosure of confidential information without consent. One is where there is an overriding duty to the public to disclose. Another is where, in a banking context, the interests of the bank require disclosure. Our legal advice was that these exceptions could not be used to justify the sharing of positive information without consent. This legal advice also raised doubt as to whether these exceptions to the duty of confidence could be used to justify the sharing of negative information. However, my predecessor took the view that she would not seek to prevent the sharing of negative information without consent provided certain conditions were met.

  I do though wonder whether the problems caused by non sharing of positive information are as extensive as some appear to suggest. My office issued guidance on this matter as long ago as 1996. This guidance did not seek to change the practice of those lenders who are already sharing positive information. It did though make clear to those who were not previously sharing such information how they could do so, at least for new customers. Given the extent of positive information sharing that was already in place, the rate of turnover in the market and the apparent eagerness of credit and store card issuers to share positive information it would be surprising if the non sharing of information is particularly widespread, at least amongst credit card issuers. This appears to be the area of the market in which you have a particular interest. I do though recognise that in some other areas of the market such as traditional banking accounts with overdraft arrangements, the situation might be different.

  I also wonder whether some changes in the industry practice might at least partly address the concerns. Is part of the problem with positive information that is already shared only being available to those lenders who themselves supply positive information to credit reference agencies rather than to all lenders? If so then the answer lies in changes to industry practice rather than amendments to either Data Protection legislation or the duty of confidence. Another change might be for lenders to routinely ask applicants themselves to provide information on their existing commitments. I appreciate that not all applicants would necessarily give the full picture. Nevertheless, lenders might be alerted to the existence of accounts of which they were otherwise unaware. They could then adopt a cautious approach to lending. Furthermore, any over commitment resulting from a customer's failure to make an honest declaration would clearly be the customer's rather than the lender's responsibility. Indeed the customer might well have committed a fraud.

  My officials have been in contact with DTI officials to discuss the above points. Their discussions have been useful. I understand that the DTI are now considering the legal position, are seeking further information from the credit industry to support their case for wider information sharing and are considering what, if any, legislative opportunities there might be to address the confidentiality question.

  Perhaps finally, I should make clear that even positive information on historic accounts can be shared with the customer's consent. So far as the question of preventing competition is concerned a lender that offers a particularly attractive interest rate is not prevented from making it a condition of business that in return the customer agrees to information on all his or her credit commitments being made available to the lender. Customers ought not necessarily to be precluded from access to lower interest rates although they might have to give their consent to wider information sharing in order to gain such access.

9 September 2004