Companies House is data we should protect
The business registry shouldn't be gutted in the name of the Right to be Forgotten, argues Nicole Kobie
When we're talking about data protection, it's normally the protection of people from the misuse of data - be it leaks, surveillance or invasion of privacy - not protecting data from the people.
But with proposals to remove data from Companies House, that's exactly what's happening - and it's desperately short sighted.
Companies House is a repository of company records: who is the director, where is it based, when did it shut down, and so on. That may not sound like much, but it's an incredibly powerful tool for catching out crooked business people and spotting the links between them.
At the moment, Companies House holds such data for 20 years. But, after years of charging for records, access was opened up for free online last year. Since then, the organisation has had 2,151 complaints from people worried too much data is being shared, according to its annual report. In response, Companies House is considering slashing the data shared to just six years after a limited company shuts down.
That protects no-one but the dodgy directors themselves. Company registration data is a powerful tool for everyone from suppliers and customers to investigators and journalists - I've made use of Companies House to help find threads to tie together my own stories.
There are aspects of the data that could be problematic for privacy. Directors' birth dates used to be listed; that's been reduced to month and year of birth, helping to avoid identity theft. Some businesses are also based at people's homes, with the address listed, but that can be avoided by registering via your accountant's address.
Small changes are all that should be allowed. We need to keep this registry as whole as possible; the more data available, the easier it is to make the necessary connections. If someone has opened and closed a series of businesses, flipping failing businesses to new names, Companies House tracks that behavior. It lays bare the connections between seemingly unconnected companies.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
But business people claim they have a "Right to be Forgotten". That phrase cropped up last year, as Google battled a court case with EU regulators over whether it should delink from its search results a story about a man filing for bankruptcy.
There are cases where the Right to be Forgotten could be useful, but it's also been used to attempt to remove mentions of crimes, lawsuits and other serious concerns - though such examples weren't approved by Google, it's worth noting.
But here, Companies House isn't offering to remove out of date or incorrect data on a case by case basis, as Google was forced to with the Right to be Forgotten. Instead, it's removing all of it, just in case.
There is no data protection law demanding this data disappear. The only call for this change comes from the two-thousand odd former company directors who aren't keen on having their connections easily searchable.
People are allowed to make mistakes in business and can learn to swallow the embarrassment of failed ventures. But we shouldn't be easing their shame at the risk of covering up of the abuse of corporate structures to dodge taxes or the other bad behaviour revealed by this directory.
We need to keep Companies House thorough, transparent and open. This is one case where data needs to be protected.