Note: I was going to post this to an existing thread, but decided upon further contemplation that it belongs in neither ‘Checking your own credit rating’ nor ‘How to fix low credit rating due to credit enquiries’, both of which have been long dormant.
I have just requested a free credit report from Equifax Australia (previously Veda), after reading an ABC article that suggested Australians may be affected by the massive breach of Equifax in the US that resulted in the loss of the records of 145.5 million people!
I initially attempted to use the US tool to “See if you are impacted”, but quickly learned that “The Amazon CloudFront distribution is configured to block access from your country”. Great - they want to ensure that I’m ‘not affected’. While I could VPN around it, the system was still going to request my ‘Social Security Number’ - something I seem to have misplaced. Instead I decided to simply request my local credit report.
And so I did, and became increasingly concerned as I went through the process. Fantastic: it’s free. Not fantastic: on first attempt this process ‘timed out’ when I submitted my data, requiring me to go back to the page, re-enter much of the information and figure out which parts of the form were broken. Also not fantastic: it wants to know (one or two of these are ‘optional’, but if you admit that there is data then Equifax demands it):
- Am I Mr/Mrs/Miss/Ms/Dr/Lady/Master/Rev/Sir? (I am apparently not permitted the title Prof, or any other of the myriad options that this list omits including the option to be ‘none of the above’.)
- First name
- Middle name (optional)
- Last name (back in the dim dark past, this was called surname; I am not sure what happened to this term)
- Gender (male or female - again, no subtleties here)
- Date of birth
- Have you ever been issued with a driver’s licence? If so, state/territory and licence number
- Do you have a Medicare card? If so, card colour, name on card, card number, reference number, and ‘valid to’
- Email address
- Preferred phone number (and it won’t accept 00000000 - it checks whether the number is valid)
- Current residential (not PO) address (Australia)
- Previous residential (not PO) address (Australia) 1
- Previous residential (not PO) address (Australia) 2
- Have you ever been employed?
- Are you currently employed? By whom?
- Previous employed? By whom?
- Most recent credit provider (optional). Yes, an optional question!!!
- Reason for purchase (i.e. why do you want this report? This provides a long drop-down list)
- Delivery method (email or post)
(The test states “Driver Licence or Medicare Card Details Required”, but if you state that you have both it demands details for both.)
You are then required to tick a box accepting the Terms and Conditions, which are as usual incredibly demanding and almost certainly unenforceable. This box also states that you “further authorise to have my identity information verified with the Issuer or Official Record Holder”.
Finally, a box is pre-selected for you stating that “You agree to Equifax Pty Ltd and its subsidiaries (Equifax Australia Group) and its corporate partners using and disclosing your personal information to contact you about other goods and services and using your information for direct marketing purposes including contact by phone, email, SMS or other electronic means.” I was able to submit my humble, grovelling request for my own data without this box being ticked - noting of course that the ‘Terms and Conditions’ include what are titled “Direct Marketing Consents” covering all of this and more. You can of course exercise your right not to be flooded with junk: " In order to exercise that choice you need to communicate that to…" Equifax’s PO box!!! Seriously!
So - if you have a look at the above list it contains a large volume of personal information and leads me to some questions:
- How much of this information does Equifax need in order to fulfil my request?
- Is Equifax using the information submitted in this form to fill gaps in their own data?
- Is this lawful?
- Should it be?
This is a company whose entire business model is taking my information and selling it to someone else. It largely gathers that information from third parties, but I suspect having gone through this nightmarish process that it is also gathering information as people request reports on their own credit!
Is anyone able to ease my concerns, or alternatively confirm the total moral bankruptcy of this company’s actions? Do we have any laws stopping it from doing exactly what I suspect?
Having submitted my request to the company, I now feel a deep regret at having done so. I feel as though I cannot win in this war on privacy that is being fought equally hard by private and public enterprise. And I feel a little violated.
