Slashdot Mirror

← Back to Stories (view on slashdot.org)

Did Your Ex-ISP Purge Your Personal Data?

Posted by Cliff on from the not-so-great-expectations dept.

reallocate asks: "When you quit an ISP, do you expect that your personal info and your email accounts will be purged? So did I, but I was wrong. Do you know what your ISP does with your data if you quit them?" At first glance, this would seem to be a reasonable expectation, but these days, businesses are holding your data longer than you'd expect. If someone doesn't know for sure if an old business is holding their personal data, is there any way they can find out? "Once upon a time, I was a Roadrunner customer. I dropped them and moved to another ISP. A few days ago, I fell prey to a "returning customer" inducement from Roadrunner that will, in truth, save me a few hundred dollars over the course of a year.

However, when the sales agent knew my address before I gave it to her, and the customer service guy I called later knew my Social Security number, although I had not yet provided it, it was clear Roadrunner had not purged my data when I had closed the old account, including user ID and password. Their agents were seeing that data displayed on their screens. And, checking what I thought were long-dead Roadrunner email accounts, I saw they'd been left open and active, with hundreds of messages piling up.

I've spoken with my local Roadrunner office and written their national office, asking about their policy on purging personal data when a customer drops an account, and, if it isn't purged, how they use that data. To be fair, both queries were made over the weekend and I'm waiting for responses."

19 of 63 comments (clear)

  1. Is this guy serious? by I_Love_Pocky! · · Score: 3, Informative

    Why in the world would he think that they would purge his information just because he isn't a customer any more? I worked for an ISP and our billing software didn't even allow for that sort of thing. You could get fired for deleting a users information for any reason. As a business I think they have to keep that sort of information around for several years for accounting purposes anyway.

    I mean after all, there are plenty of companies out there that have your personal information that you have never even done business with (and they buy and sell personal information all the time).

    Besides, it isn't like it is just ISPs either. How often do you get phone calls from ex-long distance providers asking you to switch back?

    1. Re:Is this guy serious? by Anonymous Coward · · Score: 2, Interesting

      I don't understand this either. I don't expect the bank, phone company, ISP, Amazon.com, the electric company, the place I bought a car from, my insurance company, my doctor's office or anyone else to delete my personal information when I'm done doing business with them. If nothing else, there are often requirements and policies for businesses to retain records for a number of years. And it is otherwise a good idea so that should there ever be a conflict you can prove your case. Or contact the person should it be necessary. Or - honestly - whatever other reason the other party feels they want to retain records of business with you for.

    2. Re:Is this guy serious? by Seumas · · Score: 2, Interesting

      No kidding. This is the stupidest "Ask Slashdot" ever - and that's saying a lot.

      Why would anyone expect a company they have done business with to delete all records of having done business with them after they're no longer a customer? For one thing, companies are often required by law to retain certain documentation and for another - who the hell cares?

      Why should an ISP be expected to delete their records any more than the electric company, phone company, Amazon.com or the IRS?

      Of all the things to get your panties in a bunch over...

    3. Re:Is this guy serious? by Chess_the_cat · · Score: 2, Interesting

      What I want to know is why this guy gave his ISP his Social Security Number? lol. You know you only have to give that number to your bank and the IRS right?

      --
      Support the First Amendment. Read at -1
    4. Re:Is this guy serious? by DaveJay · · Score: 4, Interesting

      Agreed about the email. Parent mentioned not expecting a bank to purge your information, but you would certainly expect them to close your active checking and savings accounts (or in an ISP's case, email accounts).

      I had a terrible, terrible bank in Chicago some years back, and when I closed all the accounts and took the last of my money out (in person, I might add) they assured me that the account was closed.

      Well, a check that was still floating around hit the bank a week later (it was months old and very small, so I had chalked it up to a balancing error) and rather than not pay it or contact me first, they paid it out, then sent me a bill for the overdraft charge in addition to the amount. The kicker: I tried to talk to them about it, but all I got were circles of:

      them: "we only honor checks to open accounts, and yours is closed, so we couldn't have paid it"

      me: "but you sent me this overdraft for the closed account saying you paid this out"

      them: "well, the account must not have been closed"

      me: "I have this piece of paper from you saying it was closed a week before this check was paid"

      them: "if you had a check out there, you should have left enough money in the account to cover it"

      me: "I didn't know it was still out there, and how can I leave money in a closed account?"

      them: "You can't leave money in a closed account, but once an account is closed, you don't need to leave money, because we don't honor checks to closed account"

      me: "but you DID..."

      And so on. Took weeks to straighten out. Bluh.

    5. Re:Is this guy serious? by Anonymous Coward · · Score: 2, Informative
      Sure, you don't have to give it to your ISP if they ask for it.

      Oh, and they don't have to give you service for any reason they decide, including you not giving them your SSN.

      Them's the breaks.

    6. Re:Is this guy serious? by Seumas · · Score: 3, Informative

      Actually, I believe you are incorrect about refusing service if you do not give a company your SSN. Social Security Numbers are for employment and government use only and are not supposed to be used for any other purpose. The only people you are required to give your SSN to is some government agents, your employer and your banking institution.

      Whenever anyone else asks for your SSN, simply tell them you wish to use another password or unique identification number.

      I do not give out my SSN. It's a significant part of being able to steal your identity and there is no reason to not use another number. Nobody has ever refused to give me service because of this. I simply say "I don't give my SSN out - but I'll gladly give you another passcode if that's what you want".

      See the ACLU and EFF websits for more information on your rights with regard to social security identification numbers.

  2. Why would they delete it? by sfjoe · · Score: 2, Informative


    Personal data is a valuable asset. No corporation is going to willingly delete that information. If you're an ex-customer, doubly so: there is no "goodwill" to be gained by deleting it and they may be able to recapture you as a customer as evidenced here.

    --
    It's simple: I demand prosecution for torture.
    1. Re:Why would they delete it? by yamla · · Score: 2, Interesting

      In Canada, maintaining this information after you have lost the customer is illegal under the PIPED Act which came into effect for corporations unrelated to the government on January 1st, 2004.

      Basically, you are allowed to use personal information only for the purpose you originally stated. Companies that collected this data to provide you with service are therefore legally bound to delete it once the customer cancels their account.

      Very few companies actually do this.

      --

      Oceania has always been at war with Eastasia.
  3. Nope. by Phexro · · Score: 2, Informative

    I used to use Qwest, before they got out of the ISP business and tried to get all their customers to use MSN.

    A few months back, I happened to get a bounce on a message to that address. I'd forgotten to update an email notification on a web app I'd built some years back, and the mailbox was full of spam and couldn't accept the message from the webapp.

    It's been... oh, 2? 2 1/2? years since I switched away from Qwest, and the email account is still active. I could probably dial in if they still have dialup access.

  4. In the UK by jb.hl.com · · Score: 4, Informative

    In the UK, the Data Protection Act mandates that companies not withold data about people if they have no good reason to have it. The DPA: wonder why it isn't an idea that's reached the US yet.

    --
    By summer it was all gone...now shesmovedon. --
    1. Re:In the UK by cpt_rhetoric · · Score: 2, Interesting

      Couldn't one also come up with a good reason? What about keeping previous customers informed of services which could draw then back? Or ease of reinstating an account for a returning customer? What happens if I purge all data on an account that went deliquent and I never want that person again to receive any service? How do I make sure that same person doesn't come back a few months later and tries to get service again? If I've purged the info, I have no easy way to check out if this is that banned user.

  5. SBC email address by ChaseTec · · Score: 2, Informative

    I had South Western Bell DSL at one time with an email address of osdev@swbell.net I had to move and ended up someplace without DSL. A year or so goes by and I move again to someplace where I can get DSL again. I tried to see about getting my old email address back. Trying to sign up with the same address told me the it was taken already, given the addesss I figured that was kinda odd so I called them. Apparently the don't(or didn't) ever release old email address because their records showed the the address was a deactivated account that belonged to me and there wasn't anyway to reactivate it or delete it. The guy I talked to said that he'd been told that every once in a while they are supposed to clean out all the old address but in the 4 years he'd been working there it had never happend.

    I guess in a way it's like adding your name to one of those Mars DVDs. That email address will be taken long after I'm gone.

    --
    My Hello World is 512 bytes. But it's also a valid Fat12 boot sector, Fat12 file reader, and Pmode routine.
  6. The two-headed Qwest by deque_alpha · · Score: 2, Interesting

    I have had phone/dsl and ISP services off and on for some years from Qwest/USWest and Qwest.net. On the phone/dsl service side of things, they delete portions of account information (like SSN) almost immediately. I recently moved and they bunged up the move order. When I called back a day after my new service was supposed to start, and had to start "new" service, they still had my name, address, etc. but no longer had my SSN or any of my old billing information. Pretty good. Qwest.net, on the other hand, apparently doesn't get rid of anything, as they still had that (partially obsolete) information when I spoke with them minutes later...

  7. Of course they don't. by DynaSoar · · Score: 3, Insightful

    I've worked for several since before they were called ISPs (networked BBS's at best). They don't delete customer info. Even before they figured out that personal data was worth money, they knew that a customer was a customer, whether active or inactive. The latter usually meant "not presently using our service" as weasel words for "ex-customer", though I know of one instance where it meant "dead". How else could they claim those enormous numbers of users? It was everyone who'd ever signed on for even a brief time. If every user claimed by every provider were active at that time, there'd be more active accounts than people on the planet.

    --
    "I may be synthetic, but I'm not stupid." -- Bishop 341-B
  8. Data protection act by Trevelyan · · Score: 3, Informative

    In the UK, under the data protection act a company that holds data on people must register with the authorities, and must provide you with all data they hold on you if you request it (they are allowed to charge up to 10 pounds for things like "handling"). Also they should apply any corrections you give them.

    Some Co. do try to not tell you, in the hope your dont know you rights, just point out you do.

  9. Reminds me of a story... by k4_pacific · · Score: 5, Funny

    I was attending a sales presentation for some database software (don't remember what it was) in the late 1990s when a person in the audience asked about Y2K compliance. The salesmen proudly proclaimed that the software could handle dates from 1850 to 2450. Another hand goes up. He claims: "I'm with the Hudson Bay company, and we have diliquent accounts going back to 1630." The salesman thinks about it for a second. He replies, "When was the last time you collected on one of them?"

    Which I guess brings this back on topic. Apparently some companies keep your information for multiple centuries.

    --
    Unknown host pong.
  10. Having worked on some sales databases... by stienman · · Score: 2, Informative

    These databases can be thought of as a small protection against spamming and other obnoxious behavior. I've worked on video rental systems with information (remember- they have either your SSN or your CC#) many years back. Even the managers cannot delete these records.

    This is to cut down on multiple accounts (ie, I rent 5 movies, never return them, and instead of paying up I simply try to open a new account) as well as other issues surrounding liability (my son was never listed as a supplemental customer on my account! How could he have rented $150 worth of video games!) and so on.

    However, I believe that a reasonable time frame should be established to purge or refresh old information, just as businesses are required to keep account statements back 7 years.

    -Adam

  11. It costs them nothing by jm92956n · · Score: 3, Interesting

    A while back (nearly six years ago, to be exact), I cancelled service with my local ISP. Though they deleted my email account, my FTP account was not touched. I still use it on a regular basis to host files. According to Netcraft the server is running WebSTAR/4.2, some old ancient Mac software that I've never seen elsewhere. I'm convinced my account will remain until there's a hardware failure.

    There's little to no cost associated with maintaining this data. It would probably cost them more in man-hours to delete my account than it would to just leave the account in place.

    --
    An effective signature identifies a particular user amongst a base of thousands.