Skip to main content

https://companieshouse.blog.gov.uk/2016/01/21/our-register-advice-on-protecting-your-personal-information/

Our register: advice on protecting your personal information

Posted by: , Posted on: - Categories: Company guidance

Here at Companies House we try to make registering a company a simple and quick process. In return for limited liability the Companies Act 2006 requires companies to be transparent about certain aspects of their business. Who owns shares in the company and those that run it are just some of the aspects companies are required to send to us.

The Act also requires us to make this information available to the public and our most recent way of doing this is through our beta service, which was launched in June last year.

I work for Companies House as a customer service manager and every day I receive enquiries from customers: either current or former directors, shareholders or limited liability partnership (LLP) members. They often ask how they can best protect their personal information. Here are some tips you can take to protect yourself.

Before registering with us you should consider which address you are going to use. Upon incorporation of your company, the Act requires you to provide an address for each of the following:

  • a registered office address (ie the company’s address)
  • a service address (where company officers can be contacted)
  • a ‘usual residential address’ (of the directors/LLP members)
  • an address of the initial subscribers

While the Companies Act requires company officers to provide their usual residential address, it is not shown on the public record and only made available to credit reference agencies and specified public authorities. Should you choose to register your residential address as your service address, registered office or subscriber address then it will always appear as a part of the public record even if you change it at a later date, so please think carefully about this before you register your company. Company formation agents, solicitors and accountants often offer an address hosting service for a fee.

Following the registration of your company, we will send you an authentication code. This code allows you to file documents on behalf of the company electronically. Paper documents filed with us are scanned and make up part of the company register. The Companies Act 2006 requires most documents to be authenticated using a signature. However, for those of you concerned about your signature being shown on the public record, documents filed online can be authenticated using this code. In December 2015, 94.81% of the documents filed with us could have been filed online. If you need to order another code for your company you can do so by logging into our WebFiling service and requesting one.

Recent legislative changes made under the Small Business Enterprise and Employment Act 2015 have seen us suppress the day of the date of birth from our output data services for filings from October. Parliament has decided that this strikes the right balance between transparency and personal privacy.

For more information, we have some handy guidance booklets and don’t forget to join us at webinars and events around the country, keep an eye on our site and social channels for details.

To keep in touch, sign up to email updates from this blog, or follow us on Twitter.

Sharing and comments

Share this page

11 comments

  1. Comment by Dominic posted on

    If personal information is openly available (online at Companies House) through a former directorship of a dissolved company, is there any way to remove it from the public domain (as there is for a live company)?

    • Replies to Dominic>

      Comment by Esme Turner posted on

      Unfortunately there is no way to amend information on the record of a dissolved company without first restoring it to life. Once the company has been restored then it would have the same options for applying for the removal of information from the register as any other company.

      • Replies to Esme Turner>

        Comment by Dominic posted on

        The inability to restrict access to historical information, which may have been provided to Companies House long before the present mitigations were available (especially the use of service addresses) is a huge problem and CH's response seems cavalier.

        Information for companies dissolved before (say) 2012 should be withdrawn from the beta site and made available only by specific download. Furthermore a condition should be laid on anyone obtaining such information that that they should not make it publicly available.

        • Replies to Dominic>

          Comment by Esme Turner posted on

          Thanks for your comment. Companies House will shortly be reviewing the timescale for retaining dissolved company records, which currently stands at 20 years. We will be consulting with our customers and depending on the outcome of those discussions, may well seek to amend the current retention policy in line with any decisions reached. As an interim measure, we have taken the decision to not make information on companies dissolved more than 6 years ago available on the new Companies House beta service.

          However, your suggestion that Companies House places a restriction on anyone obtaining information from us that they should not make it publicly available, is not possible. Companies House has no legal power to do this, once data has been supplied to a third party then they are entitled to reuse it (in line with relevant legislation - https://www.gov.uk/government/publications/companies-house-accreditation-to-information-fair-traders-scheme). For instance, if we sell information about a live company to a third party then we have no way to compel them to remove this information from their systems/website if that company subsequently dissolves.

  2. Comment by David Moss posted on

    Suppressing the day of the date of birth of any specified officer of a company on the new appointments query is the flimsiest of fig leaves – the full birthday is readily available for free in the annual return.

    How does that fig leaf protect anyone's personal information? It doesn't.

    The home addresses of the officers of a company may be hidden in future, but earlier returns are still there on the web, often complete with home addresses.

    There was some protection for personal information when people had to pay £1 for each document and when it took some time to download and read them. That protection has been weakened considerably now that the results are available instantly and for free.

    The reason for this change seems to be that making everything open and removing any barriers to entry will promote innovation and expand the economy. There is no sign of any such innovation.

    • Replies to David Moss>

      Comment by Esme Turner posted on

      Companies House does not consider that information is more readily available as the result of the removal of the £1 fee to access it. We do not consider that a fee of £1 would deter anyone who wants to access a piece of information. The decision to redact day of birth information from our data systems and to alter the design of forms so that for filings made after 10 October 2015 is deemed to be a proportional response to the threat of identity fraud. Given that this information is already in the public domain, even the removal of it from Companies House systems would not prevent third parties from using it.

      We have not published the final sentence of your comment. Companies House does not confirm the addresses of our staff and we will not publish blog posts that may contain this information.

      • Replies to Esme Turner>

        Comment by David Moss posted on

        Thank you for your 25.1.16 response.

        Companies House consider that removing the fee doesn't make personal information more readily available and that paying the fee wouldn't deter "anyone" from accessing the personal information recorded by Companies House. This is an eccentric position to adopt. Most people accept that penalties deter inconsiderate parking, for example. <a href="https://twitter.com/PhilRodgers/status/614409402792157184">Companies House may care to consider the tweet sent to them</a> last June by a blogger/journalist who claims to have scored a success using the new website and says explicitly "if I'd had to pay £1/document, I wouldn't have found the info".

        It's not just removal of the fee that increases "the threat of identity fraud" which you mention but also the speed and convenience with which personal information can be collected on the new website. Users no longer have to select documents laboriously, as we did on the old website, log in, enter our payment details, wait for the documents to be marshalled, read them, go back and start again, ... Those disincentives have been removed and, instead, bingo, there it all quickly is, all the personal information you could want and more.

        Companies House clearly recognise that they have put people's personal information at risk. Why else publish your blog post, 'Our register: advice on protecting your personal information'? Three people have submitted comments on your blog post airing their qualms. Omitting the day of people's birthdays from some documents but not others is only a "proportional" response if Companies House is once again being eccentric.

        The claim that personal information is available elsewhere does not justify Companies House's making it available so conveniently. Some people are unrealistic, for example. Should Companies House follow their example?

        Why are Companies House seeking to change the status quo with the new website they're testing? You don't unfortunately answer that question in your response. Many people have advanced the hypothesis that making information available to everyone will inspire innovation and cause the UK economy to expand.

        Here it is being tested by Companies House. The hypothesis, that is. Has it worked? Has it inspired a lot of innovation? Has it caused the economy to expand? If not yet, then when? So far, in this case at least, it looks as though the hypothesis is wrong. In which case, why proceed as though it is right? Is it time to abandon the new test Companies House website?

        Did Companies House perform a privacy impact assessment before spending time and money on a new website? If so, what were the findings? And if not, in view of the concerns expressed by commentators and by Companies House themselves, isn't it about time to assess the privacy impact?

  3. Comment by Stay Safe posted on

    I have recently found out about the Company House Beta Service and in a way impressed by the speed and ease of use.

    However as a director I am EXTREMELY CONCERNED that HISTORICAL private sensitive information is so readily available without any suppression login at all.....

    HISTORICALLY SCANNED INFORMATION containing extremely sensitive and highly confidential information are all readily available within seconds and without any SECURITY or Login.

    Is there any way to restrict some of this information?

    - If the information cannot be removed, please at least encrypted / some information blanked out!!

    This is unbelievable.... in this day and age where Identity fraud is so prevalent all directors information and sensitive documents are easy to see and duplicate!!

    It is outrageous that only new information after October 2015 is being restricted. What about the hundreds of thousands of businesses that were set up prior to this date.

    If the parts of old scanned documents containing sensitive information cannot be easily encrypted / removed then all of the historical data prioer to October 2015 should be pulled down with IMMEDIATE EFFECT.

    We did not incorporate a company 20 years ago knowing that our private information would made so readily available....

    Frankly it does not interest me that it is labour intensive to encrypt all the thousands of documents - simple solution - pull the service down until this can be done properly...

    If CH does not think this request for removal of publicly made information (without prior consent?) is reasonable please contact the metropolitan police and banking sector for more information on how criminals can use address, date of birth and signatures to perform illegal fraudulent activity.

    I cannot believe i am even needing to write this comment....I am lost for words....

    • Replies to Stay Safe>

      Comment by Esme Turner posted on

      Companies House receives and outputs information in line with the Companies Act 2006 and related legislation. Company directors are required to provide information for inclusion on the public register and in exchange they benefit from limited liability status. Companies House is unable to redact large amounts of information from the public register, as you suggest, this would be a breach of the legal requirement that the registrar makes this information publicly available. The government consulted on the approach to outputting personal information and Companies House’s approach was deemed to be a proportional response to the threat of identity fraud. This information is already in the public domain, even the removal of it from our systems would not prevent third parties from using it.

  4. Comment by Lyn Riley posted on

    The personal information that is freely available on the Companies House website, and through agency websites that have gleaned the information from Companies House, is putting all company directors and officers of companies are huge risk of identity theft.
    I have just been a victim of such theft because I am a director of my husband's small company. I have never had the need to look at the personal data held on me by Companies House so I was shocked to the core to see my full name, home address, month and year of birth and a helpful map of exactly where I live, freely displayed on http://www.companydirectorcheck.com, http://www.checkcompany.co.uk, http://www.bizdb.co.uk as well as the Companies House website itself.
    As a result of the identity theft and bank account fraud that I was experiencing, I closed down my Facebook page, which was only linked to six family members and did not display any private information about me. However, after I looked at the information that is 'out there' via Companies House, I felt an absolute fool for closing down Facebook because why on earth would a criminal waste their time scanning through my private Facebook pages when all the information about me that they would ever need is freely available via Companies House? This makes a complete mockery of all the diligent advice and guidance we are given about 'how to keep yourself safe online' and in this day and age of ever increasing identity theft and financial fraud, it is a true scandal!

    • Replies to Lyn Riley>

      Comment by Esme Turner posted on

      Hi Lyn, UK company law requires a director to provide this information to the registrar for inclusion on the public register. This is one of the legal requirements that must be fulfilled and in exchange the people behind a company get the benefit of being able to conduct business through the medium of a limited company, this includes the benefit of having limited liability and therefore not being personally responsible for any debts that the company incurs. Companies House provides a significant amount of guidance on the role of a company director, this guidance highlights that it will result in information about a director being made publicly available. It is the responsibility of prospective directors to familiarise themselves with the requirements of the role before consenting to act in that capacity. Company law also requires directors to make regular filings with the registrar and so they have responsibility to be aware of what information is held about them on the public register.

      In your comment you state that we make your home address available, the only address that we make available for a director is described as their service address. When the Companies Act 2006 was being developed this matter was debated in parliament as it was recognised that in the digital world this information is easier to obtain. As a result the concept of a usual residential address was introduced. Directors are now required to provide the registrar with a service address in addition to their residential address. We make a director’s service address publicly available but their residential address is held on a secure database and is only made available to credit reference agencies and specified public authorities. A director may choose any address at which they may receive service of documents to act as their service address, this may be the company’s registered office address, the address of their solicitor or accountant, or any other address that they have the authority to use. However, even if a director does use the same address for both their residential address and their service address, we will not confirm whether or not this is the case if we receive a public enquiry.

      It should also be noted that Companies House has not control over the contents of third party websites such as those you have listed. We are required by law to make the information that is delivered to us publicly available, these third parties have legitimately obtained this data and chosen to provide it through their website. If you have an issue with your data being provided on their websites then you may wish to contact them directly. Companies House is unable to remove any of this information from our register as we are legally required to display it there.