For our own I looked at tests of reasonableness. I also took legal advice,
since this is not an area which can be mucked around with.
Our conclusions were:
1) If it has been custom and practice to retain personal data for a
substantial time and it can be justified with regard to the law, that period
should be documented for that type of processing and used.
2) Where a time limit exists within which one MUST disclose data to a data
subject, the retention period must be no shorter than that time limit. To
allow for reasonableness we added 50% to that legal period as our minimum
retention period, since a reasonable person might interpret that law in
spirit and not in letter.
There are fluctuations here and specific circumstances (like holding dietary
requirements for catering for an event, and choosing to delete these as son
as the need to provide food has expired, since they imply religious
affiliations) that alter cases. Documenting these is desirable as a policy
that is a public domain document, available freely on request
_____________________________________________________________
Tim Trent
Chief Privacy Officer EMEA
Gartner
EMEA Marketing, Tamesis, The Glanty, Egham, Surrey, United Kingdom,
TW20 9AW
Switchboard +44 (0)1784 431 611, Direct Line +44 (0)1784 267 335, Mobile +44
(0)7710 126 618, Fax +44 (0)1784 268 932
http://www.gartner.com
[log in to unmask]
The opinions expressed in this message are my own, and may or may not
reflect those of my employer. They are expressed as a part of the
discussion on the JISCMail mailing list on data protection and for no other
purpose. They have no legal standing and are offered as part of informed
and informal discussion. They may NOT be attributed to Gartner in any way.
Any personal data provided is provided expressly for use of discussions on
the JISCMail Data Protection Discussion list. Under the UK Data Protection
Act 1998 I expressly forbid any individual or organisation to make
commercial use of my data published either on the email list or in the
archives of that or other lists whether this message appears or not. This
includes messages already published in the archives.
-----Original Message-----
From: Talbot Richard [mailto:[log in to unmask]]
Sent: 16 September 2002 12:13
To: [log in to unmask]
Subject: Retention Periods
We are in the process of setting up retention period procedures for our
records. So that I don't have to reinvent the wheel does anyone know of any
documentation/websites that can give me some guidance.
Thanks
> Richard Talbot
> QinetiQ Ltd. Data Protection Adviser
> Bldg 59 Room 1
> QinetiQ Ltd Bincleaves
> 806-4663
> +44 1305 764663
>
The Information contained in this E-Mail and any subsequent correspondence
is private and is intended solely for the intended recipient(s).
For those other than the recipient any disclosure, copying, distribution,
or any action taken or omitted to be taken in reliance on such information
is prohibited and may be unlawful.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|