Slashdot Mirror

← Back to Stories (view on slashdot.org)

Did Your Ex-ISP Purge Your Personal Data?

Posted by Cliff on from the not-so-great-expectations dept.

reallocate asks: "When you quit an ISP, do you expect that your personal info and your email accounts will be purged? So did I, but I was wrong. Do you know what your ISP does with your data if you quit them?" At first glance, this would seem to be a reasonable expectation, but these days, businesses are holding your data longer than you'd expect. If someone doesn't know for sure if an old business is holding their personal data, is there any way they can find out? "Once upon a time, I was a Roadrunner customer. I dropped them and moved to another ISP. A few days ago, I fell prey to a "returning customer" inducement from Roadrunner that will, in truth, save me a few hundred dollars over the course of a year.

However, when the sales agent knew my address before I gave it to her, and the customer service guy I called later knew my Social Security number, although I had not yet provided it, it was clear Roadrunner had not purged my data when I had closed the old account, including user ID and password. Their agents were seeing that data displayed on their screens. And, checking what I thought were long-dead Roadrunner email accounts, I saw they'd been left open and active, with hundreds of messages piling up.

I've spoken with my local Roadrunner office and written their national office, asking about their policy on purging personal data when a customer drops an account, and, if it isn't purged, how they use that data. To be fair, both queries were made over the weekend and I'm waiting for responses."

9 of 63 comments (clear)

  1. Is this guy serious? by I_Love_Pocky! · · Score: 3, Informative

    Why in the world would he think that they would purge his information just because he isn't a customer any more? I worked for an ISP and our billing software didn't even allow for that sort of thing. You could get fired for deleting a users information for any reason. As a business I think they have to keep that sort of information around for several years for accounting purposes anyway.

    I mean after all, there are plenty of companies out there that have your personal information that you have never even done business with (and they buy and sell personal information all the time).

    Besides, it isn't like it is just ISPs either. How often do you get phone calls from ex-long distance providers asking you to switch back?

    1. Re:Is this guy serious? by Anonymous Coward · · Score: 2, Informative
      Sure, you don't have to give it to your ISP if they ask for it.

      Oh, and they don't have to give you service for any reason they decide, including you not giving them your SSN.

      Them's the breaks.

    2. Re:Is this guy serious? by Seumas · · Score: 3, Informative

      Actually, I believe you are incorrect about refusing service if you do not give a company your SSN. Social Security Numbers are for employment and government use only and are not supposed to be used for any other purpose. The only people you are required to give your SSN to is some government agents, your employer and your banking institution.

      Whenever anyone else asks for your SSN, simply tell them you wish to use another password or unique identification number.

      I do not give out my SSN. It's a significant part of being able to steal your identity and there is no reason to not use another number. Nobody has ever refused to give me service because of this. I simply say "I don't give my SSN out - but I'll gladly give you another passcode if that's what you want".

      See the ACLU and EFF websits for more information on your rights with regard to social security identification numbers.

  2. Why would they delete it? by sfjoe · · Score: 2, Informative


    Personal data is a valuable asset. No corporation is going to willingly delete that information. If you're an ex-customer, doubly so: there is no "goodwill" to be gained by deleting it and they may be able to recapture you as a customer as evidenced here.

    --
    It's simple: I demand prosecution for torture.
  3. Nope. by Phexro · · Score: 2, Informative

    I used to use Qwest, before they got out of the ISP business and tried to get all their customers to use MSN.

    A few months back, I happened to get a bounce on a message to that address. I'd forgotten to update an email notification on a web app I'd built some years back, and the mailbox was full of spam and couldn't accept the message from the webapp.

    It's been... oh, 2? 2 1/2? years since I switched away from Qwest, and the email account is still active. I could probably dial in if they still have dialup access.

  4. In the UK by jb.hl.com · · Score: 4, Informative

    In the UK, the Data Protection Act mandates that companies not withold data about people if they have no good reason to have it. The DPA: wonder why it isn't an idea that's reached the US yet.

    --
    By summer it was all gone...now shesmovedon. --
  5. SBC email address by ChaseTec · · Score: 2, Informative

    I had South Western Bell DSL at one time with an email address of osdev@swbell.net I had to move and ended up someplace without DSL. A year or so goes by and I move again to someplace where I can get DSL again. I tried to see about getting my old email address back. Trying to sign up with the same address told me the it was taken already, given the addesss I figured that was kinda odd so I called them. Apparently the don't(or didn't) ever release old email address because their records showed the the address was a deactivated account that belonged to me and there wasn't anyway to reactivate it or delete it. The guy I talked to said that he'd been told that every once in a while they are supposed to clean out all the old address but in the 4 years he'd been working there it had never happend.

    I guess in a way it's like adding your name to one of those Mars DVDs. That email address will be taken long after I'm gone.

    --
    My Hello World is 512 bytes. But it's also a valid Fat12 boot sector, Fat12 file reader, and Pmode routine.
  6. Data protection act by Trevelyan · · Score: 3, Informative

    In the UK, under the data protection act a company that holds data on people must register with the authorities, and must provide you with all data they hold on you if you request it (they are allowed to charge up to 10 pounds for things like "handling"). Also they should apply any corrections you give them.

    Some Co. do try to not tell you, in the hope your dont know you rights, just point out you do.

  7. Having worked on some sales databases... by stienman · · Score: 2, Informative

    These databases can be thought of as a small protection against spamming and other obnoxious behavior. I've worked on video rental systems with information (remember- they have either your SSN or your CC#) many years back. Even the managers cannot delete these records.

    This is to cut down on multiple accounts (ie, I rent 5 movies, never return them, and instead of paying up I simply try to open a new account) as well as other issues surrounding liability (my son was never listed as a supplemental customer on my account! How could he have rented $150 worth of video games!) and so on.

    However, I believe that a reasonable time frame should be established to purge or refresh old information, just as businesses are required to keep account statements back 7 years.

    -Adam