Ever wondered how much personal information is held about you? Well, it looks something like this… Stacked over two feet high and weighing 12kg (nearly two stone), this pile of more than 3,000 sheets of paper contains every private detail of my life in my 35 years on the planet.
In it you’ll discover what I buy at the supermarket, what type of movies I like to watch and what music I’ve downloaded.
You’ll find out what route I take to work, which restaurants I eat in, how often I go to the gym and everything I’ve ever bought or sold on Amazon.
You’ll know how much I earn, how much my house is worth and how much I owe on my mortgage, loans and credit cards.
You’ll even discover that I once complained about the postman, that I was once caught out for plagiarising a university essay and that, aged 11 months, I came down with conjunctivitis.
Yet astonishingly none of this highly sensitive information belongs to me – it is all stored on dozens of databases around the country which can be accessed by thousands of people.
As controversy rages over introduction of ID cards, I decided to find out how much personal data is held about me by sending out requests under the Data Protection Act to 46 organisations asking for copies of all my information. They included Government agencies, schools and universities, hospitals, dentists and GP surgeries and firms I have used.
By law any organisation which holds people’s data must respond to a “subject access request” within 40 days of receiving it. Most charge £10 for providing copies of records held on computers or manual filing systems.
The sheer volume of information I got back – and what it contains – will stun anyone already worried about how private your personal data really is.
The 43 pages I received from Sainsbury’s, for example, shows every purchase I have ever made at the supermarket using my Nectar loyalty card.
Babies The computer printouts also classify my wife Dani and I, based on us buying a bit of rocket and some grape juice, as “young educated workers” in the category “urban affluent”.
There are also spaces for entries such as “number of cats” and even “baby due date” and “number of babies expected”.
Data from Sky shows every phone call I have made and every Box Office movie I have rented. Reebok gym provided the time and date of all my visits.
Information from Transport for London shows every time and place I purchased a Tube ticket on my top-up Oyster card. It also showed I was prosecuted for travelling without a valid ticket last year after I picked up my wife’s Oyster card by mistake.
Banks provided records of every transaction I had made since opening my first student account in 1992.
And reports from credit references agencies Experian and Equifax show every address I have lived at and every time I have applied for credit, including loans, store cards and mobile phone contracts. Experian also shows how much I sold my last house for and how much my current one is worth.
Of the 46 organisations holding data, 12 have on record my signature, 36 my date of birth, 38 my home address and 10 my bank account details.
Liberty director Shami Chakrabarti yesterday praised our investigation.
They know She said: “Big Brother is supposed to be evening entertainment, not a whole way of life. The Mirror’s exposÃ© of the scale of intrusion into our personal lives should shock even those all my old schools and exam grades
Matt, AGED 11 who used to think “nothing to hide, nothing to fear”.
And while we often believe information we provide to businesses is kept private, the small print reveals this is not always the case.
Information that Hilton Hotels takes, for example, can include your name, address, credit card details and code on the back of the card. And data can be shared with Hiltons, franchises or service providers in other countries with more lax data laws.
Video store Blockbuster keeps a record of every member’s home address and credit or debit card details.
And their policy states personal information may be sent to other Blockbuster firms, suppliers, subcontractors and business partners outside the European Economic Area.
Data from my Apple account shows what I listen to, while Amazon shows items I bought, and my risk score as a seller of 60.7. Whatever that means.
In my UCAS form my school’s deputy head teacher described me as “A capable student. He shows enthusiasm and has impressed staff by his determination.”
And in the 50 pages on me filed away at Sussex University, where I studied music, are comments from professors.
One wrote: “I’m at a loss to explain Matt’s reticence in class as his occasional contributions and his excellent essays give evidence of a sharp mind.”
Destroyed And you’ll have to take my word for it… Another, however, was less impressed, saying one essay verged on plagiarism.
City University, where I studied journalism, also provided copies of my grades but said all physical information such as tutor comments had been destroyed.
Other companies such as BT, O2 and gas and electricity companies Scottish Power and British Gas sent records of every time I called customer services, with an account of what was said.
The Government also holds reams of information on every citizen. HM Revenue and Customs provided 23 pages including unemployment benefit claims, tax contributions and pension forecasts.
Big Brother supposed to entertainment, The DVLA sent information about my driving licence, the Identity and Passport Service details not a way of
Shami Chakrabarti of all passports issued to me and the UK Border Agency recorded that my wife is Brazilian. The Assessment and Qualifications Alliance had my exam grades.
is be life
And Greenwich council – the London borough where I live – sent 61 pages, including information on my library card, council tax, electoral registration, rubbish collection and parking fines. And medical records are the most revealing of all. Mine show that, aged just 20 days, I had an infection in my right index finger.
Aged 11 months, I was treated for conjunctivitis in both eyes.
As well as records of every GP visit, information was provided by hospitals, both public and private, and dentists. And insurer Legal and General have on record that my wife tested negative for HIV – the test was to qualify for life assurance cover.
Liberty director Shami Chakrabarti”It seems a combination of greedy contractors and complacent politicians have devalued personal privacy in Britain.
“The profiling of our supermarket habits is bad enough. Your shopping basket can reveal whether you have sex, kids, medical or dietary issues and what you read and watch. We need to be far more careful and demanding before signing up to loyalty schemes.
“But sometimes there’s no choice. When data is taken by compulsion, that’s even more serious. The ID madness is a loyalty card too far. Instead of offering discounts, it would cost us in privacy and race relations as well as billions in cash.
“Phone records, the DNA database and a whole host of other big computers may have their place but isn’t it time we gave more thought to whose information and how much is stockpiled, to be shared, lost or corrupted in the future? “Let”s reclaim our privacy and keep Big Brother on the small screen.”
Top tips on how best to get info
You have a right to access information that organisations hold about you. Asking them for information is known as making a “subject access request”. To who can I make a subject access request?
You can make a subject access request to any organisation you believe holds information about you.
Examples include banks and credit card companies, hospitals and doctors, your present or past employer, government agencies, schools and universities and internet or mail-order companies.
How do I make a request?
Write or email the organisation you believe holds the details about you, asking for “all the information you hold about me”.
If you are not sure who to write to, address your letter or email to the data protection officer, or company secretary.
Your letter should include: Your full name and any names you used to be known by, such as a maiden name. Your full address, including postcode and, if relevant, previous addresses. Any other information you think the organisation will need to find your details and check that you are who you say you are. For example, your employer may need your payroll number and a hospital may need your NHS number.
It is also advisable to mention the Data Protection Act.
It is a good idea to send your request by recorded delivery. The organisation may ask for a fee, which is normally no more than £10.
However, they may charge you more for certain types of information, such as health records. How long does it take?
Once you have provided the relevant information and fee, the organisation must reply within 40 days. The reply should include a copy of all the information they hold about you, and details of why they hold your information and the organisations it may be passed to. What information can’t I see?
Some information on your record may be held back, for example if it could identify someone else or if you are the subject of a criminal investigation.
What if I have difficulty getting my information?
If you do not receive a reply to your request within 40 days, you should sent the organisation a reminder by recorded delivery.
If you still don’t receive a reply, you should call the Information Commissioner’s helpline on 08456 306060.