If personal data which has been collected in breach of the DPA 1998 formed evidence of some sort in legal proceedings the individual/organisation were a party to, and that data were pertinent to those proceedings, would the organisation then need to destroy it immediately, rather than letting the courts determine its validity in any particular case in question? It sounds more like these issues can be very circumstantial and, as is often the case, lacking of a standard generic response applicable in all circumstances and so requiring consideration from many perspectives. (Including that of the legal system actually promoting people to illegally collect personal data.) Ian W ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^