In message <007001c47617$d374d070$633468d5@com>, Ian Welton
<[log in to unmask]> writes
>Also are there any good examples of utilising audit trails to review/confirm
>the appropriate retention periods for personal data. i.e. no access to data
>over ?? months/years has been made for the past ?? months years, so the
>appropriate retention must be ??.
A lot of work has been done in this area with respect to CSP data, for
which there is a mixture of forces at play.
Some of the data is required for installation of the service, and others
for billing. Accountants and taxmen can say how long you need to keep
the latter (7 years, or is it Oftel's old recommendation of "3 Billing
periods"; in any event, how long after a customer has paid the bill will
he expect you to be able answer questions about it?) And the engineers
will say you have to keep the former until at least 1 quarantine period
after the customer has left (eg BT quarantines an outgoing householder's
phone numbers for 6 months where possible). Operationally, to catch
fraudsters, abusive callers (incl spammers) and so on, how long after
the event is the trail likely to have gone cold? (eg. many say about 2
weeks for spammers).
The police, who use much of the same data for investigating crimes,
would like everything kept for ever (there is, after all, still someone
on the Suzy Lamplugh case), but have agreed various more practical
periods with industry. (The UK is currently trying to shift a
bastardised version of that through the EU). There is anecdotal evidence
regarding how often the police come looking for data and find it's too
late (although they also argue that this figure is artificially low
because their expectations, after a year or two have passed, are also
low).
The Criminal Cases Review Commission would like evidence preserved for
as long as they are allowed remit to investigate, which is 7 years I
think.
On the other hand, collecting CCTV tapes from the possible scene of a
crime, before they are recycled, seems to down to a pragmatic deployment
of quick-witted police rather than interminable requests for a bigger
supply of blank tapes. Is CSP data retention always asked to be longer,
just because [people think] the industry "can" ??
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|