Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deleting Personal Data from Private Institutions?

Posted by Cliff on from the static-on-your-digital-paper-trail dept.

An anonymous reader asks: "This site has many readers who are familiar with the liabilities of personal data being stored on servers owned by private institutions. Bank records, phone records, credit records, flight records, basically any type of digital transaction can be (and likely are) stored indefinitely for whatever reason. Are there processes by which one can request a removal of personal data, or by signing contracts with these companies, do they own the rights to the information? If you have attempted such an erasure, have you encountered resistance?"

8 of 103 comments (clear)

  1. Amazon.com won't... by scottsk · · Score: 4, Informative

    Back when amazon.com was a new company struggling to get customers, they said they would never share your personal information with anyone -- and then a few years later stabbed everyone in the back by reversing this policy. At that time, I did not want to be their customer anymore and wanted my customer data expunged. I was told that there was no way to stop being a customer and have historical information purged.

    1. Re:Amazon.com won't... by Reality+Master+101 · · Score: 4, Informative

      I just get into the online form for the company in question and enter crazy trash into all the blanks. Afterwards, all they have is junk that has nothing to do with me. The likelihood that anyone searches the backups is nil.

      That's assuming they don't keep easy-accessible audit trails and change logs for all of the fields. All of my e-commerce systems do. It's actually kind of funny when people change their information to garbage to keep us from tracking them when they bounce payments or something like that.

      --
      Sometimes it's best to just let stupid people be stupid.
  2. In Europe by MeltUp · · Score: 5, Informative

    Well, here in Belgium it's simple. There's a law that gives you the right to request all info they have on you, and allows you to order them to delete it. I'm not 100% sure, but I think at least a few other European counties have a law like that.

    --
    Computers are useless. They can only give you answers. -- Pablo Picasso
    1. Re:In Europe by Wally4u · · Score: 4, Informative

      The dutch privacy act give room for this. http://home.planet.nl/~privacy1/wbp_en_rev.htm You can demand you personal data to be destroyed except when it has a specific purpose (ie bank records, police records etc). If they fail to do so, or sell the data without written consent they can be fined.

  3. Data Protection Act by AmiMoJo · · Score: 3, Informative

    In the UK, all you need to do is write to the company in question and tell them you want the data deleted. Thanks to the Data Protection Act, they must then comply.

    You can also ask for a copy of all data held about you, although in that case the company is entitled to a "reasonable" fee (usually £10) to cover admin costs.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Data Protection Act by Richard_at_work · · Score: 1, Informative

      Wrong, nowhere in the Data Protection Act 1998 does it allow the subject of data retention (I.E. you) to request unmitigated deletion of data held. You can go to court to ask the judge to rule on deletion or correction (at the courts discretion) of incorrect or inappropriate data, but theres no clause held within the Act of Parliament to force a company to delete appropriate and correct retained data on request.

      Many 'law' firms on the Internet have it wrong when they are suggesting deletion on request is required. Its very easy to check on these things, UK law is written plainly and available to the public:

      1998 Data Protection Act

      There has been no relevent update or amendment to this Act that adds the above rights either.

    2. Re:Data Protection Act by ajs318 · · Score: 3, Informative

      But the UK Data Protection Act assigns a "rightful purpose" to the data they are storing about you, and anything other than that rightful purpose (including internal systems testing, technically!) is a misuse -- which is a breach of the Act. If you've asked them to remove your data then it now has no rightful purpose, so anything they do with it from then on is in breach of the Act.

      Note that at least until not long ago, data stored by non-computerised means was exempt from any legal protection whatsoever. There was at lease one organisation which used this loophole to their advantage, and held much information on "Undesirables" (such as dope smokers, trade unionists, people who donated to Amnesty International, people seen wearing a Levellers t-shirt ..... that kind of Undesirable) on paper in filing cabinets. And there was nothing anyone could do about it. I'm not sure if the 1998 amendments sought to block this.

      --
      Je fume. Tu fumes. Nous fûmes!
  4. Re:just a hunch by Matt+Perry · · Score: 2, Informative
    How is their written word any more reliable then their spoken one?
    When it's in writing it becomes legally binding and can be used in court as evidence should you ever need to go down that path. If it's not in writing then it's just your word against theirs.

    This is a fundamental thing to understand about business, and I would say a fundamental life lesson. If it's not in writing, it means nothing. Never take someone's word on something, particularly if it's regarding something that's important to you. When dealing with companies always write down the time and date when you place calls, note who you talked to, and what was discussed. Always ask for a written follow up if appropriate. Keep accurate records of things that are important to you.

    Several months ago I received a letter from my bank saying that they had been informed by the county that I hadn't paid my property taxes. The letter indicated that I need to provide proof of payment of my taxes or else they were going to raise the interest rate on my home loan. I called about this and they apologized, said it was a computer error, and said that my account shows that the taxes are up to date. I asked for them to send me a letter with those details. I got the letter about a week and a half later. Now, had I not asked for a letter, and had the problem not have really been resolved as the person told me, it would have been my word against the person on the phone (who might have been a temp worker). If this ever pops up again for some reason, I have the original letter and their apology letter in my mortgage files.

    Believe me, I have learned this the hard way. *ALWAYS* get things in writing.
    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.