I know this subject has been discussed before, however not having a legal background or being familiar with employment/pensionlaws etc I would welcome any input (AND apolgise for the length of my question.) I provided my HR team with the commissioner's suggested timescales for retining data and they have returned with the following which they claim takes account of other business needs and laws too. (note - only a sample) Written Particulars of Employment/Contract;Letter of appointment,acceptance: Qualifications;Changes to Terms and Conditions; Record of whole career; Declaration of Interests;Confidentiality Agreement; Health Declarations; Health Referrals (including medical reports from doctors and consultants)Papers relating to any injury at work and pension data - to be held until age 72. AND- Discipline and Grievance Investigations, where unfounded to be removed and destroyed immediately. Apart from the lengthy timescales, with regard to sickness records I believed HR management were only to hold basic details eg period and frequency of absence, but not medical reports from doctors and consultants, these were to be held by company doctors or occupational health staff and not disclosed in detail to HR staff. They would recieve a report with recommndations based on their medical review. Finally,the destruction of unfounded discipline and grievance records. I can accept this, as it would be considered innaccurate and excessive etc to retain, but should we not consider asking the data subject whether they wish this information to be destroyed or retained? Consider a pattern of wrongful accusations (e.g.hate grudge) over a long period. The records are destroyed each time , new managers come into place and fresh accusations are made, how would the "victim" prove harassment with no records to refer back to? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^