Thoughts on deleting member accounts

[Talisman]

I thought this "data processor" aspect was interesting. So to find out more, I took a look at the Data Protection Act of 1998. But based what it says in its definitional terms, principles, and applicability, I don't believe it applies to anything we're doing.

We're here running a general or special interest forum on the internet -- we're not in the role of (1) collecting personal data on a group of individuals ... so we can (2) process their personal information through an automated system ... for the purpose of (3) creating and maintaining a body of personal records on all these people. (That's what this Act is for.)

If you read through this Act, you'll see it protects people against organizations that run data processing operations using VERY PERSONAL stuff..... as in credit reporting agencies, medical record filing, direct marketing purposes, and educational records. That's not what we do.

By "personal data" ..... it defines this as the sort of information about a living individual that would identify who they are (from that data). It includes opinions expressed about these people by others. And it goes on to address what it calls "sensitive personal data," which it defines as:

(a) the racial or ethnic origin of the data subject,

(b) his political opinions,

(c) his religious beliefs or other beliefs of a similar nature,

(d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),

(e) his physical or mental health or condition,

(f) his sexual life,

(g) the commission or alleged commission by him of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

Nothing we do involves anyone's full name, address, marital status, employment history, dental records, credit rating, military service rank, social security number, voting records, party affiliation, financial records, criminal arrest record... or anything at all personal about them.

Under "application of Act" ....... it applies only if the data controller is established in the United Kingdom and the data are processed in the context of that establishment, or the data collector is using equipment in the United Kingdom to process the data.

Well you do research as well.

Okay got a flaw in your agreement re a number of pages ago.

Talking to our HR people (and blaming you for them now demanding mods to our software), we keep records for ten years due to legal requirement to produce Group Certificates (tax thing, not sure what they are called in the US or UK), if a former employee requests one.

A number of details are deleted about an employee after they leave, but address and tax details are retained. After 10 years the employees records are complete erased from our database, due to IRS (tax dept) limitations <insert really weird HR type words> not requiring them to be keeped

There you go, for employers it's to do with a Tax requirement

Think this is similar to work place smoking ban. Most Employers don't give a rats either way, but have enforced it due to legal requirements, or probably more importantly cause they can get sued in later years.

*Jethro moves pawn to bloke Talisman's Queen :lol:

Filburt here's the Ikonboard link. Took a while to find where l read it.

*Mods, Admins - feel free to delete this post if it violates rules and regs, not sure on the ruling on this one :dunno:

[Talisman]

What, you again?? Gosh, you're a persistent fellow.

Yes, I'll do a little research when something new comes up if I'm not familiar with it. (What can I say? It's a curse.) That Data Protection Act really did sound like it applied to us at first glance. I didn't have a clue what that was all about, so I had to check it out. And even then, I still had to read over the stuff I found a few times before it dawned on me that data collecting really meant DATA COLLECTING and processing, retrieval, and so on. That's important stuff if you're handing out bank loans to birdwatchers (credit history/financial data) or running a rehab center for stressed out chess masters (medical/psychiatric records).

I really am interested in this topic because I fully intend to keep some (private) historical record of our closed memberships (email addresses, IP addresses, locations, join dates, and such). So if we actually find something legally binding that says I'm obliged to delete that stuff upon request and I can't find a (legal) way to wiggle out of it, I'll be really bummed.

Okay, so it looks like we agree on two points, thus far: (1) Keeping some guy's user name and IP address doesn't infringe on anybody's copyright, and (2) we don't even have personal information on these people in the first place, so there's no data collection or protection issue to worry about. So now we move on to Records Management.....

Mind you, my little website and message board is not a commercial enterprise, so it doesn't actually fall under these corporate laws and regulations. But that's okay.... we'll still look at them.

If I remember correctly, corporations in the United States are required by law to retain (general) business documents for seven years and they're bound by IRS regulations to keep their financial records for 21 years. (That timing might be outdated, for alI know. I didn't look it up.) Other records would also be covered by different rules ..... legal files, employment records, permits/certifications, hazardous material management, etc. Having checked with your HR department, you know each of the top managers in these areas have to know and abide by the laws, standards, and specifications that pertain to their field. And they're responsible to make sure the firm sets corporate policy in accordance with applicable local, state, and federal laws. On and on....

So with this in mind, what you've just told us, Jethro, is in full agreement with the point I was making. (Sorry, dude.) By this, I mean that a departing employee can't just quit his or her job and force the employer to totally destroy every teensy detail they have in their files - just because this person asks to be deleted. On the contrary, that company will instead follow the policy they've developed to handle how they keep and dispose of their records.... according to everything else they need to consider.

To illustrate my point, I gave an employer-employee analogy. Now, in consideration of that company's Records Management responsibilities, I'll expand that same text a wee bit to show you that it's still valid.

Quote:

"Let's say somebody quits a job. Their former employer "deletes" them from the ranks of their active workforce and closes everything down that has anything to do with this individual <<in accordance with company policy and applicable local, state, and federal law.>> But their old personnel records will end up being stored in the company's archives <<in keeping with current records management practices>>, the memos they wrote will still exist in old correspondence files <<until such time as those files are scheduled for destruction>>, and the funny cartoon they tacked up on the lunch room's bulletin board might still be there a few years later.

While the person may no longer be an employee, the firm still retains very detailed records that they worked there in the past."

Is that better?

[high]* Talisman tries not to giggle at Jethro's last move (the poor dear) and suggests he deploy something more than just a pawn if he wants to go after that queen.[/high]

[filburt1]

Quote:

Yesterday at 11:54 PM Jethro said this in Post #44
Filburt here's the Ikonboard link. Took a while to find where l read it.

*Mods, Admins - feel free to delete this post if it violates rules and regs, not sure on the ruling on this one :dunno:

Yeesh can't believe that they'd do such a thing...