Did Your Ex-ISP Purge Your Personal Data?

reallocate asks: "When you quit an ISP, do you expect that your personal info and your email accounts will be purged? So did I, but I was wrong. Do you know what your ISP does with your data if you quit them?" At first glance, this would seem to be a reasonable expectation, but these days, businesses are holding your data longer than you'd expect. If someone doesn't know for sure if an old business is holding their personal data, is there any way they can find out? "Once upon a time, I was a Roadrunner customer. I dropped them and moved to another ISP. A few days ago, I fell prey to a "returning customer" inducement from Roadrunner that will, in truth, save me a few hundred dollars over the course of a year.

However, when the sales agent knew my address before I gave it to her, and the customer service guy I called later knew my Social Security number, although I had not yet provided it, it was clear Roadrunner had not purged my data when I had closed the old account, including user ID and password. Their agents were seeing that data displayed on their screens. And, checking what I thought were long-dead Roadrunner email accounts, I saw they'd been left open and active, with hundreds of messages piling up.

I've spoken with my local Roadrunner office and written their national office, asking about their policy on purging personal data when a customer drops an account, and, if it isn't purged, how they use that data. To be fair, both queries were made over the weekend and I'm waiting for responses."

Is this guy serious?

[I_Love_Pocky!]

Why in the world would he think that they would purge his information just because he isn't a customer any more? I worked for an ISP and our billing software didn't even allow for that sort of thing. You could get fired for deleting a users information for any reason. As a business I think they have to keep that sort of information around for several years for accounting purposes anyway.

I mean after all, there are plenty of companies out there that have your personal information that you have never even done business with (and they buy and sell personal information all the time).

Besides, it isn't like it is just ISPs either. How often do you get phone calls from ex-long distance providers asking you to switch back?

Re:Is this guy serious?

[DaveJay]

Agreed about the email. Parent mentioned not expecting a bank to purge your information, but you would certainly expect them to close your active checking and savings accounts (or in an ISP's case, email accounts).

I had a terrible, terrible bank in Chicago some years back, and when I closed all the accounts and took the last of my money out (in person, I might add) they assured me that the account was closed.

Well, a check that was still floating around hit the bank a week later (it was months old and very small, so I had chalked it up to a balancing error) and rather than not pay it or contact me first, they paid it out, then sent me a bill for the overdraft charge in addition to the amount. The kicker: I tried to talk to them about it, but all I got were circles of:

them: "we only honor checks to open accounts, and yours is closed, so we couldn't have paid it"

me: "but you sent me this overdraft for the closed account saying you paid this out"

them: "well, the account must not have been closed"

me: "I have this piece of paper from you saying it was closed a week before this check was paid"

them: "if you had a check out there, you should have left enough money in the account to cover it"

me: "I didn't know it was still out there, and how can I leave money in a closed account?"

them: "You can't leave money in a closed account, but once an account is closed, you don't need to leave money, because we don't honor checks to closed account"

me: "but you DID..."

And so on. Took weeks to straighten out. Bluh.

Re:Is this guy serious?

[Seumas]

Actually, I believe you are incorrect about refusing service if you do not give a company your SSN. Social Security Numbers are for employment and government use only and are not supposed to be used for any other purpose. The only people you are required to give your SSN to is some government agents, your employer and your banking institution.

Whenever anyone else asks for your SSN, simply tell them you wish to use another password or unique identification number.

I do not give out my SSN. It's a significant part of being able to steal your identity and there is no reason to not use another number. Nobody has ever refused to give me service because of this. I simply say "I don't give my SSN out - but I'll gladly give you another passcode if that's what you want".

See the ACLU and EFF websits for more information on your rights with regard to social security identification numbers.

In the UK

[jb.hl.com]

In the UK, the Data Protection Act mandates that companies not withold data about people if they have no good reason to have it. The DPA: wonder why it isn't an idea that's reached the US yet.

Of course they don't.

[DynaSoar]

I've worked for several since before they were called ISPs (networked BBS's at best). They don't delete customer info. Even before they figured out that personal data was worth money, they knew that a customer was a customer, whether active or inactive. The latter usually meant "not presently using our service" as weasel words for "ex-customer", though I know of one instance where it meant "dead". How else could they claim those enormous numbers of users? It was everyone who'd ever signed on for even a brief time. If every user claimed by every provider were active at that time, there'd be more active accounts than people on the planet.

Data protection act

[Trevelyan]

In the UK, under the data protection act a company that holds data on people must register with the authorities, and must provide you with all data they hold on you if you request it (they are allowed to charge up to 10 pounds for things like "handling"). Also they should apply any corrections you give them.

Some Co. do try to not tell you, in the hope your dont know you rights, just point out you do.

Reminds me of a story...

[k4_pacific]

I was attending a sales presentation for some database software (don't remember what it was) in the late 1990s when a person in the audience asked about Y2K compliance. The salesmen proudly proclaimed that the software could handle dates from 1850 to 2450. Another hand goes up. He claims: "I'm with the Hudson Bay company, and we have diliquent accounts going back to 1630." The salesman thinks about it for a second. He replies, "When was the last time you collected on one of them?"

Which I guess brings this back on topic. Apparently some companies keep your information for multiple centuries.

It costs them nothing

[jm92956n]

A while back (nearly six years ago, to be exact), I cancelled service with my local ISP. Though they deleted my email account, my FTP account was not touched. I still use it on a regular basis to host files. According to Netcraft the server is running WebSTAR/4.2, some old ancient Mac software that I've never seen elsewhere. I'm convinced my account will remain until there's a hardware failure.

There's little to no cost associated with maintaining this data. It would probably cost them more in man-hours to delete my account than it would to just leave the account in place.