Slashdot Mirror
Did Your Ex-ISP Purge Your Personal Data?
reallocate asks: "When you quit an ISP, do you expect that your personal info and your email accounts will be purged? So did I, but I was wrong. Do you know what your ISP does with your data if you quit them?" At first glance, this would seem to be a reasonable expectation, but these days, businesses are holding your data longer than you'd expect. If someone doesn't know for sure if an old business is holding their personal data, is there any way they can find out?
"Once upon a time, I was a Roadrunner customer. I dropped them and moved to another ISP. A few days ago, I fell prey to a "returning customer" inducement from Roadrunner that will, in truth, save me a few hundred dollars over the course of a year.
However, when the sales agent knew my address before I gave it to her, and the customer service guy I called later knew my Social Security number, although I had not yet provided it, it was clear Roadrunner had not purged my data when I had closed the old account, including user ID and password. Their agents were seeing that data displayed on their screens. And, checking what I thought were long-dead Roadrunner email accounts, I saw they'd been left open and active, with hundreds of messages piling up.
I've spoken with my local Roadrunner office and written their national office, asking about their policy on purging personal data when a customer drops an account, and, if it isn't purged, how they use that data. To be fair, both queries were made over the weekend and I'm waiting for responses."
However, when the sales agent knew my address before I gave it to her, and the customer service guy I called later knew my Social Security number, although I had not yet provided it, it was clear Roadrunner had not purged my data when I had closed the old account, including user ID and password. Their agents were seeing that data displayed on their screens. And, checking what I thought were long-dead Roadrunner email accounts, I saw they'd been left open and active, with hundreds of messages piling up.
I've spoken with my local Roadrunner office and written their national office, asking about their policy on purging personal data when a customer drops an account, and, if it isn't purged, how they use that data. To be fair, both queries were made over the weekend and I'm waiting for responses."
After AT&T Broadband internet was handed over to Comcast, I noticed a VERY dramatic increase in spam email sent to my attbi account. Coincedence?
Why in the world would he think that they would purge his information just because he isn't a customer any more? I worked for an ISP and our billing software didn't even allow for that sort of thing. You could get fired for deleting a users information for any reason. As a business I think they have to keep that sort of information around for several years for accounting purposes anyway.
I mean after all, there are plenty of companies out there that have your personal information that you have never even done business with (and they buy and sell personal information all the time).
Besides, it isn't like it is just ISPs either. How often do you get phone calls from ex-long distance providers asking you to switch back?
Personal data is a valuable asset. No corporation is going to willingly delete that information. If you're an ex-customer, doubly so: there is no "goodwill" to be gained by deleting it and they may be able to recapture you as a customer as evidenced here.
It's simple: I demand prosecution for torture.
I used to use Qwest, before they got out of the ISP business and tried to get all their customers to use MSN.
A few months back, I happened to get a bounce on a message to that address. I'd forgotten to update an email notification on a web app I'd built some years back, and the mailbox was full of spam and couldn't accept the message from the webapp.
It's been... oh, 2? 2 1/2? years since I switched away from Qwest, and the email account is still active. I could probably dial in if they still have dialup access.
I know they did, because they're the ones who claimed they didn't make ANY backups because then they'd be legally liable for any data they restored. Which was their lame-ass excuse for losing 7 years worth of email and assorted other files when some fool shorted out their hard disk during maintenance, and my reason for finding a new ISP that understood the meaning of responsibility to paying customers.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
In the UK, the Data Protection Act mandates that companies not withold data about people if they have no good reason to have it. The DPA: wonder why it isn't an idea that's reached the US yet.
By summer it was all gone...now shesmovedon. --
I had South Western Bell DSL at one time with an email address of osdev@swbell.net I had to move and ended up someplace without DSL. A year or so goes by and I move again to someplace where I can get DSL again. I tried to see about getting my old email address back. Trying to sign up with the same address told me the it was taken already, given the addesss I figured that was kinda odd so I called them. Apparently the don't(or didn't) ever release old email address because their records showed the the address was a deactivated account that belonged to me and there wasn't anyway to reactivate it or delete it. The guy I talked to said that he'd been told that every once in a while they are supposed to clean out all the old address but in the 4 years he'd been working there it had never happend.
I guess in a way it's like adding your name to one of those Mars DVDs. That email address will be taken long after I'm gone.
My Hello World is 512 bytes. But it's also a valid Fat12 boot sector, Fat12 file reader, and Pmode routine.
I have had phone/dsl and ISP services off and on for some years from Qwest/USWest and Qwest.net. On the phone/dsl service side of things, they delete portions of account information (like SSN) almost immediately. I recently moved and they bunged up the move order. When I called back a day after my new service was supposed to start, and had to start "new" service, they still had my name, address, etc. but no longer had my SSN or any of my old billing information. Pretty good. Qwest.net, on the other hand, apparently doesn't get rid of anything, as they still had that (partially obsolete) information when I spoke with them minutes later...
This story begins about four years ago when cable giant Charter came to La Crosse, Wisconsin and gobbled up the local cable company. One good thing to come out of this was, finally, relatively affordable broadband in the area. So, a friend of mine signs up for it. After about a year he moves out and his parents go back to dialup. Recently, his mom has become a bit more tech savvy and desires broadband. He stops by to help her out the day the Charter guy comes to install it, and much to his surprise, the Charter guy asks if they want his old email account back. He says yes, logs in and finds some three year old emails in his inbox. So at least around here, Charter keeps your email account (and who knows what else). What, or if, they do anything with it besides let it sit there is unknown. Still, it kinda makes you go "Hmm..."
"To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking
I do tech support for a fairly large ISP in Northern Nevada. I can login and view information about a customer's account anywhere in the 10 years they have been in business with one command. If I go to another interfact, I can seartch deeper and get more info. It would be extremely easy to get a less-than-honest person working in here who could get a lot of sensitive information. Seeing this sort of availiblity to some people on a first-hand level makes me a little bit more afraid of what could happen (read 'OMFG my information is not safe at all').
I've worked for several since before they were called ISPs (networked BBS's at best). They don't delete customer info. Even before they figured out that personal data was worth money, they knew that a customer was a customer, whether active or inactive. The latter usually meant "not presently using our service" as weasel words for "ex-customer", though I know of one instance where it meant "dead". How else could they claim those enormous numbers of users? It was everyone who'd ever signed on for even a brief time. If every user claimed by every provider were active at that time, there'd be more active accounts than people on the planet.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
In the UK, under the data protection act a company that holds data on people must register with the authorities, and must provide you with all data they hold on you if you request it (they are allowed to charge up to 10 pounds for things like "handling"). Also they should apply any corrections you give them.
Some Co. do try to not tell you, in the hope your dont know you rights, just point out you do.
before leaving an ISP. It just always seemed to me to be the nice thing to do. I'd also set up mail forwarding in the shell account, with an autoresponder giving my new address in non-machine-readable format.
Teleport was forwarding e-mail to me still 6 months later.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Every time I've changed ISP's, I've always deleted everything after moving it to the new place. Files, folders, web pages, email archives, everything.
As to the personal info you give them when signing up, I don't expect them to get rid of it. Nobody else does, why should the ISP be any different? Plus, I think businesses are required to hold onto records for 7 years.
I was inthe Windows 95 preview program, and in the MSN beta. I think I stayed with them for a couple months after that.
Fast forward about seven years. I've had at least seven different mailing addresses since then. I get a letter saying that I was a valued customer and they wanted me to try their newest version.
It's pretty obvious that MSN has never purged their databases.
A friend of mine swapped ISP's when he started doing helpdesk work for one. His old isp stopped chargin him of course, but the email account didn't close. Just for laughs once he tried reading his mail via POP3 remotely.... and he's been using that email account for free ever since.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
I don't think i'll have any problems with that. My previous ISP was OneNet in Australia. For those of you who don't know they went bankrupt and was liquidated. Then we all performed a sacraficial dance while we burnt all of their computers... or was that in my imagination?
There's a million and a 1/2 reasons why they would keep your info in their database. Let me give just a couple examples. 1.) What if you at one time had their cable modem service and they provided you with a cable modem. Upon disconnecting service you never returned it, and tried to either re-register with your name or someone else's name at a later time. Or you sold it at a rummage sale. When you or the person that now has it tries to re-activate the service they will see that the modem was last on you account, and that it's owned by them and they will want it back or to charge a fee for it or call the cops on you/them. 2.) Let's say that you had service with them at one time and that you are claiming 2 years later that their tech support damaged your computer and try to take them to court. They would have all records of the contact you made with their technical support staff and could use that to defend theirselves. If you want to know the honest to goodness answer, every customer a company has is a liability in one way or the other and the company needs to do everything they can to protect theirselves.
I was attending a sales presentation for some database software (don't remember what it was) in the late 1990s when a person in the audience asked about Y2K compliance. The salesmen proudly proclaimed that the software could handle dates from 1850 to 2450. Another hand goes up. He claims: "I'm with the Hudson Bay company, and we have diliquent accounts going back to 1630." The salesman thinks about it for a second. He replies, "When was the last time you collected on one of them?"
Which I guess brings this back on topic. Apparently some companies keep your information for multiple centuries.
Unknown host pong.
Of the free web accounts I've used, I have noted a couple of things. One, they don't purge the userid or whatever data they collect; but two, they do purge the data in your home directory. Crosswinds did this to me a while back on a bogus allegation of spam.
As far as ISPs, while the personal data is held, the user data is either backed up to tape and purged after a fashion (Speakeasy), summarily deleted if present (Earthlink - or more correctly, Mindspring did this for me for some reason when I moved to Speakeasy in 2000), or the user is given the opportunity to go in one last time and download (another one that slips my mind, I think it was a local one called Web World).
This sig no verb.
A year ago I moved out of state; my old ISP had been bought out and was going downhill fast anyway, so the only good thing about the move was ditching them... To this day, however, my old web page is still online - I still get an occasional request from someone who's Googled the pics I put up of the stuff I was trying to give away just prior to leaving town.
Leaving the obvious issues and questions aside, I think this just falls under the broad category of "If this was our biggest problem, we'd be doing OK..."
Perfectly Normal Industries
These databases can be thought of as a small protection against spamming and other obnoxious behavior. I've worked on video rental systems with information (remember- they have either your SSN or your CC#) many years back. Even the managers cannot delete these records.
This is to cut down on multiple accounts (ie, I rent 5 movies, never return them, and instead of paying up I simply try to open a new account) as well as other issues surrounding liability (my son was never listed as a supplemental customer on my account! How could he have rented $150 worth of video games!) and so on.
However, I believe that a reasonable time frame should be established to purge or refresh old information, just as businesses are required to keep account statements back 7 years.
-Adam
A while back (nearly six years ago, to be exact), I cancelled service with my local ISP. Though they deleted my email account, my FTP account was not touched. I still use it on a regular basis to host files. According to Netcraft the server is running WebSTAR/4.2, some old ancient Mac software that I've never seen elsewhere. I'm convinced my account will remain until there's a hardware failure.
There's little to no cost associated with maintaining this data. It would probably cost them more in man-hours to delete my account than it would to just leave the account in place.
An effective signature identifies a particular user amongst a base of thousands.
I'm wondering if this is a Slashdot first. Maybe it's not; but I can't remember ever seeing such a thing before.
4 Years ago, I got RoadRunner at my house *yay*
We canceled our dial up that day.
I can still dial into it, 4 years later, with no problems. Our webspace is still there too, and I've even checked the email a few times.
I've used it quite a few times, when RR goes down, or if I'm at someone elses house on my laptop.
A "good" reason in this case means absolutely water-tight. The exemptions to the DPA are mainly to allow the police to keep your criminal record on file and so on. And it turns out actually that some criminal record data was being wiped by police because they have misunderstood the DPA, with very sad consequences (a child-murderer was able to work in a school because his records had been prematurely deleted).
I used to use cablevision and the email account still works and I get email in it everyday.
I'd also assume that if your identity is recyclable, then the unique number assigned to it is as well.
click-clack, front and back. I'm not moving this car otherwise.