Slashdot Mirror
Deleting Personal Data from Private Institutions?
An anonymous reader asks: "This site has many readers who are familiar with the liabilities of personal data being stored on servers owned by private institutions. Bank records, phone records, credit records, flight records, basically any type of digital transaction can be (and likely are) stored indefinitely for whatever reason. Are there processes by which one can request a removal of personal data, or by signing contracts with these companies, do they own the rights to the information? If you have attempted such an erasure, have you encountered resistance?"
with the passage of Sarbanes-Oxley. Might be harder than ever to get them to do it, since they could face prison time for violating the act.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
Some registration systems offer the patient the option of masking personal data, but it's still sent off to various vendors and ancillary systems during the course of treatment. Along the way it's cached, stored in databases and printed ... and it's not uncommon for the data to find its way into files that fail to be deleted. I've seen dump/bug check files and other temp files containing personal information. Lord knows what forensic tools could uncover.
So my answer would be no, given current architectures and system implementation methods.
The only way to be sure is not to give out information in the first place and simply pay for things with cash (Wikipedia entry for "Cash" for those of you who are unfamiliar with it).
Really, it's a trade off for using services in our modern culture. The thing is that nobody is forcing you to give away any of your information.
It is possible to keep your data private, if you so choose. My home address, in fact, is in no databases except for my power company, and I receive -zero- mail there, which is, as far as I can tell, the only way to be sure that that particular data isn't floating around out there.
I just get into the online form for the company in question and enter crazy trash into all the blanks. Afterwards, all they have is junk that has nothing to do with me. The likelihood that anyone searches the backups is nil.
Do you bother to look through the audit trail when they haven't bounced a payment or done anything dodgy like that? The original poster's stated intent wasn't to cheat anybody, after all.
There's an automated system that tracks new customers against all the old data in order to identify people who've cheated the company in the past. So it depends on what you define as "bother to look through". If I was going to create a marketing list for whatever reason, I might use the old data, but who knows what other people do with stuff like this. My point is only that any semi-competent company is going to have a policy of "never throw away data", especially if it's customer changeable.
Sometimes it's best to just let stupid people be stupid.
This is only valid when data storage is inexpensive enough for you to to allocate magnetic media to store said data.
Eh, it's not as hard (or as storage-consuming) as you might think. I developed a medical system in the early 90s that kept a history of all changes. The fact is that usually one gets new data much faster than old data changes. It depends on the application, of course, but that's been my experience. Of course, I only store what actually changes, I don't clone entire records.
Sometimes it's best to just let stupid people be stupid.
Actually, the lawsuit involving Major League Baseball and the fantasy leagues could make this a distinct possibility. MLB is saying that stats (numbers) generated from a ballgame are copyrighted, and owned by MLB, and therefore the fantasy leagues can't use the numbers without permission, i.e. pay. I don't think the suit has been resolved yet, but if MLB wins, it's not a big stretch to apply that to data generated by an individual.