Roland Perry on 13 August 2004 at 18:26 said:- > OK, spill the beans to the rest of us more theoretical types then... Sorry, I was trying to be short and concise as I felt long winded on the other thread. What I meant was that audit trails, like any other material containing personal data should be kept for no longer than necessary for the purpose (Principle 5). Any retention period should correspond to the purpose the material is compiled. Altering the purpose audit material is compile for, say from system integrity to crime prevention/detection, would probably change the material which it was necessary to collect in order to fulfil that purpose, (Principle 3) otherwise the whole issue becomes tantamount to the equivalent of a by proxy fishing trip, with all the costs on the shoulders of the originating data controller. DP practitioners can become fairly practiced at trying to determine those principle issues as well as noticing hidden data flows/usage. Ian W ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^