Has anyone considered or taken into account the provisions of the DDGS in
relation to retention periods - in particular the fact that banks will on
request refund a customer who claims payments have been made after
he 'cancelled' the DD - and this part of the guarantee is without time
limit.
For example we operate a club where monthly subscriptions are collected
from members by DD. The member resigns in September 2004 and we stop
collecting.
After 12 months (to comply with Data Protection) we destroy our records of
the member as 'we no longer need to keep them'. A month later he writes to
his bank and alleges he ceased to be a member in 2000 and the bank, as it
must, refunds 4 years subscriptions and claims it back from us. We no
longer have any records to show that this is fraudulent (we cannot keep
the financial records without keeping the personal details).
Do we keep the records indefinitely or do a risk assessment and just keep
them for a couple of years accepting a potential loss in a (hopefully)
small number of cases ?
If I ever emigrate to Brasil I will claim back 20 years Council Tax paid
by DD just before I leave !
|