Companies Rapped for Illegally Publishing Private Debt Data
The Data Protection Inspectorate announced on Wednesday that it has taken 12 credit rating and collection agencies to task for illegally listing the names and birth dates of private debtors on their websites.
In a release, the inspectorate said that it has issued injunctions to five of the companies to remove the data. The others removed the records voluntarily.
Checks the office carried on 66 websites found that only two of them were presenting their information in full compliance with the law.
Though publishing information on both companies and individuals with bad bill-paying habits has become a common practice in Estonia, in the case of individuals it can be released only to those with a legitimate need. Making it available to the general public without the individual's permission is counter to the law, the inspectorate said.
"Disclosure of personal payment default is meant to allow financial institutions, businesses and individuals to assess the credibility of the other party in carrying out contractual obligations, not to let the entire society to know about a person's payment difficulties," the statement read. It is up to the data provider to make sure that those requesting the information have a legitimate need and that the data is accurate, it continued.
The correct, legal way to provide credit information is to set up a system to identify those using the database, it said.