Slashdot Mirror


Deleting Personal Data from Private Institutions?

An anonymous reader asks: "This site has many readers who are familiar with the liabilities of personal data being stored on servers owned by private institutions. Bank records, phone records, credit records, flight records, basically any type of digital transaction can be (and likely are) stored indefinitely for whatever reason. Are there processes by which one can request a removal of personal data, or by signing contracts with these companies, do they own the rights to the information? If you have attempted such an erasure, have you encountered resistance?"

12 of 103 comments

  1. The rules have changed by unassimilatible · · Score: 4, Interesting

    with the passage of Sarbanes-Oxley. Might be harder than ever to get them to do it, since they could face prison time for violating the act.

    --
    Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
  2. Sounds easy enough to me... by zappepcs · · Score: 4, Funny

    Just file for copyright of all personal information pertaining to yourself, and when a problem arises, simply file a DMCA violation complaint against them.

    HAHA that would totally fsck up the SarBox rules :)

  3. Amazon.com won't... by scottsk · · Score: 4, Informative

    Back when amazon.com was a new company struggling to get customers, they said they would never share your personal information with anyone -- and then a few years later stabbed everyone in the back by reversing this policy. At that time, I did not want to be their customer anymore and wanted my customer data expunged. I was told that there was no way to stop being a customer and have historical information purged.

    1. Re:Amazon.com won't... by Skewray · · Score: 4, Interesting

      I just get into the online form for the company in question and enter crazy trash into all the blanks. Afterwards, all they have is junk that has nothing to do with me. The likelihood that anyone searches the backups is nil.

    2. Re:Amazon.com won't... by Reality Master 101 · · Score: 4, Informative

      I just get into the online form for the company in question and enter crazy trash into all the blanks. Afterwards, all they have is junk that has nothing to do with me. The likelihood that anyone searches the backups is nil.

      That's assuming they don't keep easily accessible audit trails and change logs for all of the fields. All of my e-commerce systems do. It's actually kind of funny when people change their information to garbage to keep us from tracking them when they bounce payments or something like that.

      --
      Sometimes it's best to just let stupid people be stupid.
    3. Re:Amazon.com won't... by Reality Master 101 · · Score: 4, Interesting

      Do you bother to look through the audit trail when they haven't bounced a payment or done anything dodgy like that? The original poster's stated intent wasn't to cheat anybody, after all.

      There's an automated system that tracks new customers against all the old data in order to identify people who've cheated the company in the past. So it depends on what you define as "bother to look through". If I was going to create a marketing list for whatever reason, I might use the old data, but who knows what other people do with stuff like this. My point is only that any semi-competent company is going to have a policy of "never throw away data", especially if it's customer changeable.

      --
      Sometimes it's best to just let stupid people be stupid.
  4. just a hunch by gEvil (beta) · · Score: 4, Insightful

    I'd guess that even if you did get someone at a company to state that your personal information had been expunged, there's a very high probability that nothing was actually done and that all of your information was still there. This is purely based on my experience with various levels of customer service and managers--they'll tell you what you want to hear just to make you go away.

    --
    This guy's the limit!
    1. Re:just a hunch by TubeSteak · · Score: 4, Insightful
      they'll tell you what you want to hear just to make you go away.
      Which is why you _always_ insist on written confirmation.

      Never take their word for it.
      --
      [Fuck Beta]
      o0t!
  5. In Europe by MeltUp · · Score: 5, Informative

    Well, here in Belgium it's simple. There's a law that gives you the right to request all info they have on you, and allows you to order them to delete it. I'm not 100% sure, but I think at least a few other European countries have a law like that.

    --
    Computers are useless. They can only give you answers. -- Pablo Picasso
    1. Re:In Europe by Wally4u · · Score: 4, Informative

      The Dutch privacy act gives room for this. http://home.planet.nl/~privacy1/wbp_en_rev.htm You can demand your personal data be destroyed except when it has a specific purpose (i.e. bank records, police records, etc.). If they fail to do so, or sell the data without written consent, they can be fined.

  6. I know in health IT the data is everywhere by Average_Joe_Sixpack · · Score: 4, Interesting

    Some registration systems offer the patient the option of masking personal data, but it's still sent off to various vendors and ancillary systems during the course of treatment. Along the way it's cached, stored in databases and printed ... and it's not uncommon for the data to find its way into files that fail to be deleted. I've seen dump/bug check files and other temp files containing personal information. Lord knows what forensic tools could uncover.

    So my answer would be no, given current architectures and system implementation methods.

  7. A Guy sued over being on a mailing list... by Anonymous Coward · · Score: 5, Insightful
    a few years ago. He was tired of getting all of that junk mail ("Direct Marketing" according to Advo) and started suing those junk mail companies. He lost on every appeal. They won every time!

    I know, this is worse with all of the personal data that firms have, and many times, they were collected some other way other than the customer giving it to them.

    For example, I once switched over to Sprint telephone service. When I canceled, they wanted my SSN. I said, "That's funny, I never gave it to you." Long story short, they had it all right! They "needed" it so that they could cancel my service.

    My only guess is that the credit bureaus are pimping our data - ALL of our data! Don't get me started on ChoicePoint!!!