>>But surely it's the other way around, isn't it? You have to tell the IC
why
you are keeping it and why you need a perpetual audit trail. <<
The period of retention allowed, is that which is necessary to achieve a
stated purpose(s). The DPA only limits the purposes for which I process
data on the basis of legality and fairness.
So if the purpose, to which the data subject has consented, requires
retention in perpetuity, so be it.
So what purpose could possibly require such a lengthy period of retention?
Reserving the right to store in perpetuity just because you can, doesn't
constitute a purpose; there has to be a 'so that I can ...' part to the
argument.
Remembering where this thread started, let's assume it is so that we can
re-build our company knowledge bank after a devastating fire. Because data
mining technology is constantly evolving, I wish to retain all data so that
it is available for analysis as new technology arrives in the market place.
If I scripted a fair processing statement with a broad enough brush, would
not this satisfy the requirement of the legislation?
Duncan
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of [log in to unmask]
Sent: Thursday, November 17, 2005 2:37 PM
To: [log in to unmask]
Subject: Re: [data-protection] Reopening the "Backups" discussion
In a message dated 17/11/05 09:53:58 GMT Standard Time,
[log in to unmask]
writes:
> How could the Information Commissioner say the DC was keeping it for
> longer than necessary? The stated purpose is to recover audit trail
> in perpetuity, therefore it is necessary to keep the data in
> perpetuity.
>
> I believe you would have to prove that this 'purpose' was not lawful
> before it fell foul of DPA.
----------
But surely it's the other way around, isn't it? You have to tell the IC why
you are keeping it and why you need a perpetual audit trail. Take for
example
the statute of limitations, ROA or any one of a number of laws that limit
the
retention of certain types of data. If the data were depersonalised,
maintaining your audit trail to the extent that it is of any use, would not
cause any
problems.
Imagine getting a letter in 20 years' time telling you that "when you
attended one of our courses in 2005 we undercharged you and you owe us £50
plus a
large amount of interest." Or "although you didn't choose to receive
further
information in perpetuity, we thought you might be interested in our course
: How
the ID Cards Led to a Total Breakdown of Societal Values."
If however, records only showed that a 2005 course had 25 delegates and the
current (2025) version of the course now attracts 50, that is useful
information and unlikely to be in breach of anything.
Ian B
Ian Buckland
Keep I.T. Legal Ltd
(Reg: 3822335)
Please Note: The information given above does not replace or negate the need
for proper legal advice and/or representation. It is essential that you do
not
rely upon any advice given without contacting your solicitor. If you need
further explanation of any points raised please contact Keep I.T. Legal Ltd
at
the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|