Roland Perry on 13 August 2004 at 18:26 said:-
> OK, spill the beans to the rest of us more theoretical types then...
Sorry, I was trying to be short and concise as I felt long winded on the
other thread.
What I meant was that audit trails, like any other material containing
personal data should be kept for no longer than necessary for the purpose
(Principle 5). Any retention period should correspond to the purpose the
material is compiled.
Altering the purpose audit material is compile for, say from system
integrity to crime prevention/detection, would probably change the material
which it was necessary to collect in order to fulfil that purpose,
(Principle 3) otherwise the whole issue becomes tantamount to the equivalent
of a by proxy fishing trip, with all the costs on the shoulders of the
originating data controller.
DP practitioners can become fairly practiced at trying to determine those
principle issues as well as noticing hidden data flows/usage.
Ian W
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
