Legal record keeping issues apart, provided one can make a justification for a retention period based upon business needs then the only action the UKIC will take is to ask you to shorten that period. The student is at liberty to ask the UKIC to intervene and suggest a shorter period here, but the circumstances suggest that a full discussion with Egg should come first. Tim Trent - Consultant Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618 Personal blog: http://timtrent.blogspot.com/ See also http://complianceandprivacy.com email: [log in to unmask] Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell, United Kingdom, RG12 1BP http://www.marketingimprovement.com Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Marketing Improvement Limited unless otherwise stated. Their copying, transmission, reproduction in whole or in part may only be undertaken with the express permission, in writing, of Marketing Improvement Limited. Marketing Improvement Limited is registered in England No. 4283972. Registered Office: 643 Watford Way, London NW7 3JR and its VAT number is GB798 2065 86. -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Duncan Langford Sent: 11 May 2007 12:21 To: [log in to unmask] Subject: [data-protection] Appropriate length of retention...? One of my former students has just mailed me with a DTP query I'd like to share... He had an Egg card, and cancelled it. Some time later, he casually tried to access the Egg website, and discovered to his surprise that the account still appeared to be live. When he queried this with Egg, they told him: > For our own business reasons we retain application data on file, as > permitted by the Data Protection Act 1998. Currently we store > application data for six years. > > For your reassurance, all the information you've provided us with is > covered by this act. This regulates the way we use your information > and the purposes for which it's gathered. The Data Protection Act > stipulates that we must not keep your personal data for any longer > than necessary. The former student's query: > My query is over the statement of keeping data for longer than > necessary, and I don't understand why they should keep my data for six > years!! Seems a bit long. So, DTP gurus - IS six years 'a bit long'? Is there any consensus on just how long 'as long as necessary' actually is? Comments appreciated! - duncan ------------------------------------------------------------------------ ----- Dr Duncan Langford Computing Laboratory, University of Kent at Canterbury UK Practical Computer Ethics:McGrawHill Business Computer Ethics:AddisonWesley 'Internet Ethics' - MacMillan Press (UK) and St Martins Press (USA) 'Professional Issues in Computing' forthcoming (2007) from Thompson 'Interviewing in Social Care' forthcoming (2007) from MacMillans ------------------------------------------------------------------------ ----- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^