Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deleting Personal Data from Private Institutions?

Posted by Cliff on from the static-on-your-digital-paper-trail dept.

An anonymous reader asks: "This site has many readers who are familiar with the liabilities of personal data being stored on servers owned by private institutions. Bank records, phone records, credit records, flight records, basically any type of digital transaction can be (and likely are) stored indefinitely for whatever reason. Are there processes by which one can request a removal of personal data, or by signing contracts with these companies, do they own the rights to the information? If you have attempted such an erasure, have you encountered resistance?"

10 of 103 comments (clear)

  1. just a hunch by gEvil+(beta) · · Score: 4, Insightful

    I'd guess that even if you did get someone at a company to state that your personal information had been expunged, there's a very high probability that nothing was actually done and that all of your information was still there. This is purely based on my experience with various levels of customer service and managers--they'll tell you what you want to hear just to make you go away.

    --
    This guy's the limit!
    1. Re:just a hunch by TubeSteak · · Score: 4, Insightful
      they'll tell you what you want to hear just to make you go away.
      Which is why you _always_ insist on written confirmation.

      Never take their word for it.
      --
      [Fuck Beta]
      o0t!
    2. Re:just a hunch by bcattwoo · · Score: 2, Insightful

      they'll tell you what you want to hear just to make you go away.
      Which is why you _always_ insist on written confirmation.

      Never take their word for it.
      How is their written word any more reliable then their spoken one? Is the paper dipped in truth serum?

      Sure companies are more reluctant to lie in writing, but short of a data thief documenting the act of stealing your data from them, there is little chance of getting caught.
  2. A Guy sued over being on a mailing list... by Anonymous Coward · · Score: 5, Insightful
    a few years ago. He was tired of getting all of that junk mail ("Direct Marketing" according to Advo) and started suing those junk mail companies. He lost on every appeal. They won every time!

    I know, this is worse with all of the personal data that firms have, and many times, they were collected some other way other than the customer giving it to them.

    For example, I once switched over to Sprint telephone service. When I canceled, they wanted my SSN. I said, "That's funny, I never gave it to you." Long story short, they had it allright! They "needed" it so that they could cancel my service.

    My only guess is that the credit bureaus are pimping our data - ALL of our data! don't get me started on ChoicePoint!!!

    1. Re:A Guy sued over being on a mailing list... by nickcoons · · Score: 3, Insightful

      My only guess is that the credit bureaus are pimping our data - ALL of our data!

      I remember about five years back when I was running credit reports for applicants. Even though the policy of the company was to require all of the blanks filled in on their application, the software we then entered that data into would pull the credit report of the individual even without us filling in all the gaps. The system would let us put in enough information to sufficiently identify someone (like a name and address), and it would fill in the gaps (like a missing social security number).

      So in short response to your comment, yes, the credit bureaus do seem to be providing more than what is necessary to view a credit report.

  3. Re:The only way to be sure... by arth1 · · Score: 3, Insightful
    The only way to be sure is not to give out information in the first place and simply pay for things with cash (Wikipedia entry for "Cash" for those of you who are unfamiliar with it).

    Really, it's a trade off for using services in our modern culture. The thing is that nobody is forcing you to give away any of your information.


    This is technically true, but useless in practice.
    Nobody forces you to cash a checks, but try caching one without being a registered customer or handing over your full personalia for registration. Nobody forces you to drive a car, but try getting car insurance without giving up your SSN and other private data.
    Or try getting a job, but refuse to give out your social security number. Chances are you won't get a job, and will end up on the street. You won't get welfare, because that requires registration of your personalia.
    In reality, not handing over your information is impossible, unless you live on a reservation or Amish society.

    --
    *Art
  4. It's not that simple by skybrian · · Score: 3, Insightful

    Suppose you're running a one-person business and one of your customers is obnoxious to you. Should you be required to forget all about it and treat them as any new customer next time you see them? Requiring businesses to delete records about their customers is essentially enforced amnesia. Whenever there's a transaction, it seems pretty reasonable for both sides to remember what happened.

    And then there's the question not only of what you should remember but who should you tell. If you have a bad experience as a customer, most people would feel perfectly justified in telling their friends, posting to their blog, and engaging in other bad publicity towards the company. When a business gets ripped off, who are they allowed to tell? Should assholes and deadbeats get a free pass next time?

    The other side to this is that we've grown accustomed to a certain amount of anonymity when dealing with larger businesses. This is a sort of automatic forgiveness. Some kind of forgiveness is essential, because memories are fallible, records can be wrong, and people change. Not to mention that there's an enormous power imbalance when you're dealing with a big business. But the question of how long you should remember, what you should forgive and forget, and how that should affect peoples' reputations doesn't have simple answers.

  5. Re:Amazon.com won't... by Guido+von+Guido · · Score: 2, Insightful
    It's actually kind of funny when people change their information to garbage to keep us from tracking them when they bounce payments or something like that.

    Do you bother to look through the audit trail when they haven't bounced a payment or done anything dodgy like that? The original poster's stated intent wasn't to cheat anybody, after all.

  6. Re:Amazon.com won't... by Nutria · · Score: 2, Insightful

    My point is only that any semi-competent company is going to have a policy of "never throw away data", especially if it's customer changeable.

    This is only valid when data storage is inexpensive enough for you to to allocate magnetic media to store said data.

    While the NSA has (probably) been doing this for years, and Wal-Mart and MasterCard/Visa for about 15 years, it's only been broadly feasible since the introduction of inexpensive 100GB hard drives. Even now, we only keep tape archives for 7 years.

    Note that this whole thread, plus 500GB, and, this year, 1TB drives, means the absolute end of privacy. I estimate that a 42U rack can fit 240 drives. By the end of this year, that means that a company will fit 240TB in 4.75 cu ft.

    --
    "I don't know, therefore Aliens" Wafflebox1
  7. Provided... by C10H14N2 · · Score: 2, Insightful

    ...you don't own your home or your landlord has never run your credit--for that matter you have no credit (good luck owning a home then)--you're not employed, don't pay taxes, don't vote, have never been cited for any infraction of law (much less anything worse or actively sued or been sued for anything), don't drive, have no insurance of any kind, do not have a passport, have never sought medical care. Even after that, the POSTAL SERVICE certainly has your address and THEY certainly give that out as a matter of course.

    Yes, SOME databases are best avoided (say, spammers, unnecessary creditors and sweepstakes operations), but to attempt to be in NO databases...well, that becomes an exercise in pointless histrionics.