Deleting Personal Data from Private Institutions?

An anonymous reader asks: "This site has many readers who are familiar with the liabilities of personal data being stored on servers owned by private institutions. Bank records, phone records, credit records, flight records, basically any type of digital transaction can be (and likely are) stored indefinitely for whatever reason. Are there processes by which one can request a removal of personal data, or by signing contracts with these companies, do they own the rights to the information? If you have attempted such an erasure, have you encountered resistance?"

The rules have changed

[unassimilatible]

with the passage of Sarbanes-Oxley [wikipedia.org]. Might be harder than ever to get them to do it, since they could face prison time for violating the act.

Sounds easy enough to me...

[zappepcs]

Just file for copyright of all personal information pertaining to yourself, and when a problem arises, simply file a DMCA violation complaint against them.

HAHA that would totally fsck up the SarBox rules :)

Re:

[MoHaG]

You aren't allowed to copyright facts.

So that's why textbooks are so expensive?

Re:

[BigLonn]

actually, thats,,,,, BRILLIANT!
its so stupid it might work, any lawyers in the house???? :P

Re:

[SEWilco]

Sorry, BRILLIANT is not allowed on Slashdot. Was it Insightful or Informative?

Re:

[itchyfish]

Actually, the lawsuit involving Major League Baseball and the fantasy leagues could make this a distinct possibility. MLB is saying that stats (numbers) generated from a ballgame are copyrighted, and owned by MLB, and therefore the fantasy leagues can't use the numbers without permission, i.e. pay. I don't think the suit has been resolved yet, but if MLB wins, it's not a big stretch to apply that to data generated by an individual.

Rage against the Machine!

[deodiaus2]

This is impossible to do. However, I was thinking if the reverse is possible. To keep and diseminate critical information about companies and its C-level employees. So, DoubleClick tracks us. Maybe we should track DoubleClick's CEO. How about seeing up a web site like a total fan would? Make him more popular than Britney Spears. Users can submit pictures of him driving down the highway, going shopping, visiting clients, taking a bathroom break at the rest stop. And lets not stop at examining his purc

Re:

[nasor]

It's a funny idea, but you can't copyright facts. Your phone number, address, etc. would all fall into the realm facts; that's why the information in phone books isn't covered by copyright.

Re:

[MoHaG]

that's why the information in phone books isn't covered by copyright.

You must mean "The Phone Book®" (See footer here [google.com])

Re:

[nasor]

Presentations of facts, like the layout of any specific phone book, can be copyrighted, but the information itself can't be copyrighted. Only "creative works" can be copyrighted. The layout of a phonebook, its cover art, etc. are all creative works, but the names and phone numbers themselves aren't covered by copyright. Not in the US, anyway.

Amazon.com won't...

[scottsk]

Back when amazon.com was a new company struggling to get customers, they said they would never share your personal information with anyone -- and then a few years later stabbed everyone in the back by reversing this policy. At that time, I did not want to be their customer anymore and wanted my customer data expunged. I was told that there was no way to stop being a customer and have historical information purged.

Neither will PayPal/eBay

[Down8]

I tried, back when eBay bought PayPal and said they'd turn over anything to anyone, to remove myself from both userbases. It failed miserably. They said they would not remove me from their records. In fact, I still have an accessible profile at eBay (and presumably at PayPal).

-bZj

Re:Amazon.com won't...

[Skewray]

I just get into the online form for the company in question and enter crazy trash into all the blanks. Afterwards, all they have is junk that has nothing to do with me. The likelihood that anyone searches the backups is nil.

Re:Amazon.com won't...

[Reality Master 101]

I just get into the online form for the company in question and enter crazy trash into all the blanks. Afterwards, all they have is junk that has nothing to do with me. The likelihood that anyone searches the backups is nil.

That's assuming they don't keep easy-accessible audit trails and change logs for all of the fields. All of my e-commerce systems do. It's actually kind of funny when people change their information to garbage to keep us from tracking them when they bounce payments or something like that.

Re:

[Guido von Guido]

It's actually kind of funny when people change their information to garbage to keep us from tracking them when they bounce payments or something like that.

Do you bother to look through the audit trail when they haven't bounced a payment or done anything dodgy like that? The original poster's stated intent wasn't to cheat anybody, after all.

Re:Amazon.com won't...

[Reality Master 101]

Do you bother to look through the audit trail when they haven't bounced a payment or done anything dodgy like that? The original poster's stated intent wasn't to cheat anybody, after all.

There's an automated system that tracks new customers against all the old data in order to identify people who've cheated the company in the past. So it depends on what you define as "bother to look through". If I was going to create a marketing list for whatever reason, I might use the old data, but who knows what other people do with stuff like this. My point is only that any semi-competent company is going to have a policy of "never throw away data", especially if it's customer changeable.

Re:

[Nutria]

My point is only that any semi-competent company is going to have a policy of "never throw away data", especially if it's customer changeable.

This is only valid when data storage is inexpensive enough for you to to allocate magnetic media to store said data.

While the NSA has (probably) been doing this for years, and Wal-Mart and MasterCard/Visa for about 15 years, it's only been broadly feasible since the introduction of inexpensive 100GB hard drives. Even now, we only keep tape archives for 7 years.

Note t

Re:

[Reality Master 101]

This is only valid when data storage is inexpensive enough for you to to allocate magnetic media to store said data.

Eh, it's not as hard (or as storage-consuming) as you might think. I developed a medical system in the early 90s that kept a history of all changes. The fact is that usually one gets new data much faster than old data changes. It depends on the application, of course, but that's been my experience. Of course, I only store what actually changes, I don't clone entire records.

Re:

[Electrum]

I estimate that a 42U rack can fit 240 drives. By the end of this year, that means that a company will fit 240TB in 4.75 cu ft.

With the Sun Fire X4500 [sun.com], a 4U server that holds 24 drives, your estimate is exactly right. However, even with 1TB drives, you have to account for redundancy and other overhead (such as database indexes), so the total usable space is probably less than half that. Fitting a 100TB data warehouse into one rack seems feasible in the near future.

Storage services such as Amazon's S3 [amazon.com] mak

Re:

[Nutria]

However, even with 1TB drives, you have to account for redundancy and other overhead (such as database indexes)

Doh! I feel so ashamed. Pardon me while I go into the other room and self-flagellate.

Re:

[Fulcrum of Evil]

Ever hear about a credit card breach involving Amazon? Me neither. I'm curious exactly how Amazon screwed you.

just a hunch

[gEvil (beta)]

I'd guess that even if you did get someone at a company to state that your personal information had been expunged, there's a very high probability that nothing was actually done and that all of your information was still there. This is purely based on my experience with various levels of customer service and managers--they'll tell you what you want to hear just to make you go away.

Re:just a hunch

[TubeSteak]

they'll tell you what you want to hear just to make you go away.

Which is why you _always_ insist on written confirmation.

Never take their word for it.

Re:

[bcattwoo]

they'll tell you what you want to hear just to make you go away.

Which is why you _always_ insist on written confirmation.

Never take their word for it.

How is their written word any more reliable then their spoken one? Is the paper dipped in truth serum?

Sure companies are more reluctant to lie in writing, but short of a data thief documenting the act of stealing your data from them, there is little chance of getting caught.

Re:

[Matt Perry]

How is their written word any more reliable then their spoken one?

When it's in writing it becomes legally binding and can be used in court as evidence should you ever need to go down that path. If it's not in writing then it's just your word against theirs.

This is a fundamental thing to understand about business, and I would say a fundamental life lesson. If it's not in writing, it means nothing. Never take someone's word on something, particularly if it's regarding something that's important to you. Wh

In Europe

[MeltUp]

Well, here in Belgium it's simple. There's a law that gives you the right to request all info they have on you, and allows you to order them to delete it. I'm not 100% sure, but I think at least a few other European counties have a law like that.

Re:In Europe

[Wally4u]

The dutch privacy act give room for this. http://home.planet.nl/~privacy1/wbp_en_rev.htm [planet.nl] You can demand you personal data to be destroyed except when it has a specific purpose (ie bank records, police records etc). If they fail to do so, or sell the data without written consent they can be fined.

Re:

[Gothmolly]

Hahaha! ROFL. You think that they actually do it though? Then again, you probably think that all your laws are there to protect you too.

Re:

[MeltUp]

Hahaha! ROFL. You think that they actually do it though?

Most do. Off course some don't, especially as it's not easy to know. But even if they keep the data, they at least leave you alone. If not, they'll give you proof you can use to sue. And before you laugh again, courts DO occasionally get it right :P

Then again, you probably think that all your laws are there to protect you too.

Off course not, there's a lot of problems, but it's not nearly as bleak as you make it appear. Not every law is out to get y

In France, regulated since 1978

[dolmen.fr]

In France we have a law since 1978 that regulates storage and access to data linked to a person name.
Requiring a company to delete all your data is defined in this law.
The Commission Informatique et Libertés [wikipedia.org] is a administrative authority that was created by this law and whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data.

Re:

[SLi]

That's one of the reasons why I actually like living in Europe. Of course Americans usually dismiss all privacy regulations as censorship, because their first amendment (and the balances struck by the courts, which most Americans of course don't know of) is the Only True form of Freedom of Speech(tm).

Re:

[r3m0t]

In the UK, it's the Data Protection Act.

Re:

[MeltUp]

I've looked it up, and this is of course legalese in its purest form, but these are interesting bits of the law: (in dutch)


2. Onder "verwerking" wordt verstaan elke bewerking of elk geheel van bewerkingen met betrekking tot persoonsgegevens, al dan niet uitgevoerd met behulp van geautomatiseerde procédés, zoals het verzamelen, vastleggen, ordenen, bewaren, bijwerken, wijzigen, opvragen, raadplegen, gebruiken, verstrekken door middel van doorzending, verspreiden o

I know in health IT the data is everywhere

[Average_Joe_Sixpack]

Some registration systems offer the patient the option of masking personal data, but it's still sent off to various vendors and ancillary systems during the course of treatment. Along the way it's cached, stored in databases and printed ... and it's not uncommon for the data to find its way into files that fail to be deleted. I've seen dump/bug check files and other temp files containing personal information. Lord knows what forensic tools could uncover.

So my answer would be no, given current architectures and system implementation methods.

Re:

[bigdavex]

Some registration systems offer the patient the option of masking personal data, but it's still sent off to various vendors and ancillary systems during the course of treatment. Along the way it's cached, stored in databases and printed ... and it's not uncommon for the data to find its way into files that fail to be deleted. I've seen dump/bug check files and other temp files containing personal information. Lord knows what forensic tools could uncover.

And yet somehow I have to fill out forms with my birth

A Guy sued over being on a mailing list...

[Anonymous Coward]

a few years ago. He was tired of getting all of that junk mail ("Direct Marketing" according to Advo) and started suing those junk mail companies. He lost on every appeal. They won every time!

I know, this is worse with all of the personal data that firms have, and many times, they were collected some other way other than the customer giving it to them.

For example, I once switched over to Sprint telephone service. When I canceled, they wanted my SSN. I said, "That's funny, I never gave it to you." Long story short, they had it allright! They "needed" it so that they could cancel my service.

My only guess is that the credit bureaus are pimping our data - ALL of our data! don't get me started on ChoicePoint!!!

Re:

[DesertBlade]

Most cell phone companies run credit checks and need you SSN. Just like if you apply for a load or a Credit Card. You probably just forgot that you gave it to them.

Re:

[OrangeCowHide]

I was recently given a pre-approved credit card that I never requested or agreed to. The bank refused to drop the account without me giving them my SSN. Three months prior to that, I received a pre-approved credit card from the same bank without my permission of acknowledgment. They refused to cancel that card without my SSN. I thought this was odd seeing as they didn't need that level of confirmation to open the account. They did offer me a credit card (an average of 6 times a week for 5 years), but I alwa

Re:

[DesertBlade]

Again, opening a bank account requires a SSN. Bank accounts deal with financials, which in turn the government needs to be aware of it for tax purposes. There are ways to get around it but it probably puts on some government list anyways. Typically a pre-approved credit card is not approved, you are still required to do some paperwork. Your bank just took my liberties than they should, and you did the right thing by moving your business.

Re:

[jackb_guppy]

SSN is NOT needed to open bank accout. It is need on an interest bearing account. Only on an interest bearing account is a SSN is needed to report income earned.

Re:

[sholden]

I'm pretty sure my checking account isn't interest bearing.

I set it up before I had an SSN, and got a letter for the bank a while later about having a month to give them one or they will have to close the account. It was a couple of years ago now, so I don't have the letter to check what regulation they referenced or if it was a real requirement or just something they tacked on themselves to make their lives easier...

Re:

[DesertBlade]

Did you have a passport, EIN or was it before 9/11? The laws have changed recently.br>
Look Here [privacyrights.org] for who can ask for SSN and what it is used for. To save you some time:
"Why do financial transactions require my Social Security number?
In 1961 the Internal Revenue Service began using Social Security numbers as taxpayer ID numbers (TIN). Therefore, SSNs are required on records of transactions in which the IRS is interested. That includes most banking, stock market, property or other financial transacti

Re:

[sholden]

Two years ago is clearly post 9/11. I used my green card as ID.

What I'm saying is that they did require my SSN - it was "give it to us or we close the account" a few weeks later - which was fine with me, when I opened the account I'd applied for an SSN already, I just wanted to be able to wire some money sitting back in Australia to myself and wanted to eat before the wheels of bureaucracy finished turning.

Re:

[Fulcrum of Evil]

Did you get a real card or were you merely preapproved?

Re:

[OrangeCowHide]

It was a real card attached to a new account on the online system. It had a credit limit of $8000 which I found insulting (my three credit cards that I actually requested have limits over $20,000). Both times a new card with a new number.

This is illegal

[Slashdot Parent]

Credit Card companies absolutely cannot open credit accounts for you without you first applying. I'm not going to spend time looking up the law for you, but you should be able to google it fairly quickly.

The other possibility is your identity has been stolen. Might want to look into that, as it is much more likely the cause of your experience, rather than banks openly flouting federal law.

Good luck!

Re:

[OrangeCowHide]

A teller got a commission for saying I had accepted the offer. He no longer works for that bank, and I no longer do business with them.

Re:

[Fulcrum of Evil]

Sounds like someone is borrowing your identity. I'd do what you did, then disclaim all responsibility in writing - send a certified letter demanding that they close the account. I'm not a lawyer, but I expect this could come in handy if the cards start showing charges in the future.

Re:

[OrangeCowHide]

No, I know how (see my response to your sibling post) the account was generated. Plus I got the actual cards in hand. I have shredded the cards, demanded the account be closed, got them to agree to never bother me under threat of lawsuit about opening a credit card account, and terminated my relationship with them.
With the first set of cards, I noticed a new account on the online system first and called them and told them to cancel that, and if it ever happened again I would leave. The second set of cards

Re:

[Fulcrum of Evil]

Care to share the name of the bank so I can avoid them?

Re:

[OrangeCowHide]

I probably shouldn't because the Bank Offered Apologies, and it really was an individual teller, not the bank itself that was causing the problem.

Re:

[Fulcrum of Evil]

Ah yes, the federation of small banks pretending to be one big bank. I've never opened an account there, but I've closed two so far. I believe I'll be closing three more in a year or two.

Re:

[Achromatic1978]

My partner concurs. Had a card with a $10,000 limit. Balance at ~$6,300. Goes on holiday. Goes to use card to pay for gas driving home from airport. "Sorry, declined."

Calls bank. "We re-evaluated your credit limit." (As is their right, sure, but wait for the punchlines.)

"Your new limit is $6,000." Sure enough, there on her next statement was a notification that this occurred. This was right under the "Over limit charge" of $35 (IIRC) for being over her new limit.

Good scam. "Hey, reduce that customers lim

Re:

[nickcoons]

My only guess is that the credit bureaus are pimping our data - ALL of our data!

I remember about five years back when I was running credit reports for applicants. Even though the policy of the company was to require all of the blanks filled in on their application, the software we then entered that data into would pull the credit report of the individual even without us filling in all the gaps. The system would let us put in enough information to sufficiently identify someone (like a name and address),

Re:

[macwhiz]

I found out the hard way that credit bureaus do not use your Social Security number to identify you by default. They use your first and last name, together with your address history -- all the places you've ever lived -- and the match doesn't have to be exact.

If you happen to be a "Junior" and your credit history shows that you lived at the same address as your father ("Senior"), you really need to know this, because there's a good chance that your credit histories will become confused.

You can call and

The only way to be sure...

[NineNine]

The only way to be sure is not to give out information in the first place and simply pay for things with cash (Wikipedia entry for "Cash" [wikipedia.org] for those of you who are unfamiliar with it).

Really, it's a trade off for using services in our modern culture. The thing is that nobody is forcing you to give away any of your information.

It is possible to keep your data private, if you so choose. My home address, in fact, is in no databases except for my power company, and I receive -zero- mail there, which is, as far as I can tell, the only way to be sure that that particular data isn't floating around out there.

Re:The only way to be sure...

[arth1]

The only way to be sure is not to give out information in the first place and simply pay for things with cash (Wikipedia entry for "Cash" for those of you who are unfamiliar with it).

Really, it's a trade off for using services in our modern culture. The thing is that nobody is forcing you to give away any of your information.

This is technically true, but useless in practice.
Nobody forces you to cash a checks, but try caching one without being a registered customer or handing over your full personalia for registration. Nobody forces you to drive a car, but try getting car insurance without giving up your SSN and other private data.
Or try getting a job, but refuse to give out your social security number. Chances are you won't get a job, and will end up on the street. You won't get welfare, because that requires registration of your personalia.
In reality, not handing over your information is impossible, unless you live on a reservation or Amish society.

--
*Art

Re:

[truthsearch]

Or try getting a job, but refuse to give out your social security number.

Well, in that particular case it's one of only 2 times you should have to give out that number. Once to contribute to social security, and once to withdraw. It makes sense a job requires it since the government requires it of the employer.

Re:

[jackb_guppy]

I can and have cashed checks at the drawn bank. There was NO registration. I have auto insurance without a SSN given. What world at you living in?

Now SSN and a JOB is because of tax law. Now with you form a S-Corp, then hire yourself, the SSN in internal to you. The other company pays your company, so NO SSN there either.

My kids are now in school, without their SSN. I go to doctors again without a SSN.

May be you just have not tried to keep your information personal.

Re:

[Asm-Coder]

Please look at how short the article he linked to is. Apparently, no one knows anything about cash. This is either bad, because, no one knows what cash is anymore, or good, because, nothing can be found out about cash and it is safe for transactions.

Re:

[Nutria]

It is possible to keep your data private, if you so choose. My home address, in fact, is in no databases except for my power company,

Do you have a drivers license?

Provided...

[C10H14N2]

...you don't own your home or your landlord has never run your credit--for that matter you have no credit (good luck owning a home then)--you're not employed, don't pay taxes, don't vote, have never been cited for any infraction of law (much less anything worse or actively sued or been sued for anything), don't drive, have no insurance of any kind, do not have a passport, have never sought medical care. Even after that, the POSTAL SERVICE certainly has your address and THEY certainly give that out as a matt

Asking for deletion probably makes things worse

[G4from128k]

Asking for deletion will probably only increase the amount of your information stored by the company and increase the chance of ID theft. Not only will the request not result in the removal of existing information, but it will add more information and instances of your information. If you contact the company, you will be both in the old customer DB and in recent copies of the customer service contact DB. Second, if the company outsources customer contact, then that 3rd party service provide will probably

Re:

[NineNine]

I completely agree. When I have say, a credit card that just won't die, I assume the best I can do is not to contact the company again, hoping that it will eventually be purged from their system after a certain amount of inactivity on my part.

It's not that simple

[skybrian]

Suppose you're running a one-person business and one of your customers is obnoxious to you. Should you be required to forget all about it and treat them as any new customer next time you see them? Requiring businesses to delete records about their customers is essentially enforced amnesia. Whenever there's a transaction, it seems pretty reasonable for both sides to remember what happened.

And then there's the question not only of what you should remember but who should you tell. If you have a bad experience as a customer, most people would feel perfectly justified in telling their friends, posting to their blog, and engaging in other bad publicity towards the company. When a business gets ripped off, who are they allowed to tell? Should assholes and deadbeats get a free pass next time?

The other side to this is that we've grown accustomed to a certain amount of anonymity when dealing with larger businesses. This is a sort of automatic forgiveness. Some kind of forgiveness is essential, because memories are fallible, records can be wrong, and people change. Not to mention that there's an enormous power imbalance when you're dealing with a big business. But the question of how long you should remember, what you should forgive and forget, and how that should affect peoples' reputations doesn't have simple answers.

Re:

[Lehk228]

the simple answer is unless there are problem notes on your record, purging it should be allowed by the company as a matter of good customer service.

keep a seperate deadbeats database of former customers you no longer want to do business with.

Re:

[c0d3h4x0r]

Suppose you're running a one-person business and one of your customers is obnoxious to you. Should you be required to forget all about it and treat them as any new customer next time you see them?

Yes, because it's wrong to punish the vast majority of customers, who are honest, for the wrongful actions of a few.

Requiring businesses to delete records about their customers is essentially enforced amnesia.

Exactly. That's what it's supposed to be.

Whenever there's a transaction, it seems pretty reasonable for bo

Data Protection Act

[AmiMoJo]

In the UK, all you need to do is write to the company in question and tell them you want the data deleted. Thanks to the Data Protection Act, they must then comply.

You can also ask for a copy of all data held about you, although in that case the company is entitled to a "reasonable" fee (usually £10) to cover admin costs.

Re:

[Richard_at_work]

Wrong, nowhere in the Data Protection Act 1998 does it allow the subject of data retention (I.E. you) to request unmitigated deletion of data held. You can go to court to ask the judge to rule on deletion or correction (at the courts discretion) of incorrect or inappropriate data, but theres no clause held within the Act of Parliament to force a company to delete appropriate and correct retained data on request.

Many 'law' firms on the Internet have it wrong when they are suggesting deletion on request i

Re:

[AmiMoJo]

You are not entirely correct either. See: http://en.wikipedia.org/wiki/Data_protection_act [wikipedia.org]

Parties storing data are required to correct it if it is wrong. If they do not comply, you can take them to court. As for having data removed, you will note that data is generally not supposed to be stored beyond the point where it is required to complete some kind of contract, or legally required to be held. Thus, if you cut all ties with a company and make it clear that they have no reason to keep your data any more,

Re:

[Gothmolly]

And then of course they do it. Wake up and smell the tea, my friend.

Re:Data Protection Act

[ajs318]

But the UK Data Protection Act assigns a "rightful purpose" to the data they are storing about you, and anything other than that rightful purpose (including internal systems testing, technically!) is a misuse -- which is a breach of the Act. If you've asked them to remove your data then it now has no rightful purpose, so anything they do with it from then on is in breach of the Act.

Note that at least until not long ago, data stored by non-computerised means was exempt from any legal protection whatsoever. There was at lease one organisation which used this loophole to their advantage, and held much information on "Undesirables" (such as dope smokers, trade unionists, people who donated to Amnesty International, people seen wearing a Levellers t-shirt ..... that kind of Undesirable) on paper in filing cabinets. And there was nothing anyone could do about it. I'm not sure if the 1998 amendments sought to block this.

Re:

[Gothmolly]

And by making it illegal, you're ensuring that nobody ever will do it. Brilliant!

Re:

[ajs318]

No; but by letting people know that it is illegal, you're ensuring that if anyone gets caught for it (and they will: many people use aliases when dealing with different companies, in order to spot who is passing on their details to whom. Sometimes it's deliberate, as often as not it's a simple mis-spelling. If you have a mis-spellable surname and a mis-spellable street name, there are a few combinations and it does no harm to let them ride), an example will be made of them.

Re:

[Gothmolly]

And they're a respectable firm, with dozens of lawyers, and you, well you're a solo computer geek. "But your honor, this was just a mistake with our off-site archiving firm, here's a memo stating that it should have been destroyed. Judge: hmm, ok, you're in the clear." If the UK was such a farking bastion of liberty and jurisprudence, explain ASBOs, waiting 4 years for an ingrown toenail to be fixed, and the ridiculous state of your higher education?

Re:

[Fulcrum of Evil]

And their CEO tended to dress in women's clothing, right? I doubt any laws would really bother that group, since they don't pay attention to them anyway.

Re:

[nasor]

Does this mean that I wouldn't be allowed to keep a list of customers who wrote bad checks, so as to avoid doing business with them in the future? Can I keep a list of customers who have been banned from my store for attempted shoplifting? Or would I be required to take people off such lists at their request?

Junkbusters

[Seanasy]

Junkbusters has some advice. http://www.junkbusters.com/junkdata.html [junkbusters.com]

They also have a lot of good information for dealing with the DMA and others.

The Question is Ownership

[necro81]

The real question here, which I don't think has been resolved in legislation or court judgements, is that of ownership. Whose data is it, anyway? Is it yours, because it describes and identifies you (not to mention the potential harm to you if it is released)? Or, since the company has taken pains to acquire, organize, and analyze it, and presumably has made some profit from it, does it belong to them? If the former, then one could argue that no company can legally hang on to something that ultimately b

Re:

[Myself]

Here's some legislation I'd like to see: Last time I made the 'take me off your list' phone call, I asked where they'd gotten my number in the first place. They claimed not to know. Perhaps the folks staffing the call center didn't know, because they were just contracted to answer 'take me off your list' calls, and that's fine. But what drove me mad is that they also wouldn't tell me who contracted them, or whose list I was actually on in the first place.

Two requirements: First, tell me who the hell you are

Not likely to happen...

[ruiner13]

Even if you could get the customer support monkey to delete all your data in their live system, any reputable place I'm sure will have backup sets with your data. Good luck getting your data removed from shelves of tape libraries.

Doesn't mean they'll get rid of it...

[HaloZero]

...infact, most businesses with practices like this fail miserably. Infact, I encountered just such a situation today!

My company recently bought a handful of off-lease refurb machines from a major brand distributor (the OEM). They were marked cleaned, and sanitized, and sent to us without an operating system. Or, atleast, that's what we'd ordered.

Imagine my level of surprise when I found LIVE DATA on the only machine I've unpacked so far. These are off-lease, and came from a company that's folded, but the

want them to leave you alone?

[timmarhy]

the best way to do it is not to contact them or do anything.inactivity is the #1 reason for you to be removed from a database. just toss their junk mail into the bin. if they include a paid return envolope, wrap a turd in a plastic bag and mail it back to them for fun, but certainly don't call them or anything. if they call you, hang up in their ear, or put them on hold and walk away and waste some of THEIR time. anything to make you a waste of their time will make you unattractive.

Canada rules

[Ghost-in-the-shell]

Canadian law controls this though PIPEDA
Please refer to Personal
Information Protection and Electronic Documents Act (PIPEDA) for further information.