Re Retain no longer than is necessary for its purpose.
Recent FSA fine (1.25 million) on the Bank of Scotland regards their Money Laundering record keeping, appears to clarify some data retention periods on the personal data used to identify customers of all organisation subject to Money Laundering Regulations. This in Section 2.3 of the BoS Final notice. See link :
http://www.fsa.gov.uk/pubs/final/bos_12jan04.pdf
Given these retention periods and the fact that the identity doucuments provided by customers are likely to originate in paper form ypu can see interesting storage and scanning costs arising. Storage solutions could have to consider substantial periods. Some electronic storage if used doesn't have that life span so may have to be recopied during its storage life. How will FSA and Durant impact the storage and indexing of identity checking documents from a SAR view. Can such documents be argued as having no impact on Privacy ???
Also interesting the arguments re the scale of the fine included that in 3.5 (4) of the document.
Could this be a veiled reference to being able to satisfy a SAR?
David Wyatt
David Wyatt
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|