BLUEMOMENT

.
There is no way for users to remove themselves from the forum database. If they request removal am I obliged under the Data Protection Act to do so? I have been unable to determine whether or not this is the case.

A user here has requested removal. I am reluctant to do so as it is a request made in a fit of pique. however, I am concerned that I might be in breach of the DPI if I ignore the request.

Can anyone with a greater familiarity with the act enlighten me?

Who was it?
If it was one of the usual suspects or another poor sod you've upset, let us know and we'll see if we can help
If its Jimi or Para - ignore it.

It always pays to read other posts before you ask daft questions - however, I think least said soonest mended in this case - and ignore it.
Perhaps a pm spat might have been healthier rather than this rather public one?

Jamesie - I know you will be reading this - see you in Oxford?

claymore wrote:Who was it?
If it was one of the usual suspects or another poor sod you've upset, let us know and we'll see if we can help
If its Jimi or Para - ignore it.

Ta for the advice. I'll ignore it.

(As per your advice, not as in I'll ignore your advice . . . er erm . . . I'm sure you know what I mean)

Nick wrote:.Can anyone with a greater familiarity with the act enlighten me?

Normally, you are obliged to tell a person what information you hold on them - in this case the data they provided at the time of registration plus the secret dossiers you have amassed on each forum member and all their online activities..... That is something you must do on request although you are permitted to charge a nominal amount for your trouble (part of the 6th principle of the act).

In terms of the DPA, you may only hold personal information for as long as is necessary to perform the function for which it is gathered (the 5th principle of the act). Since holding the person's information in the db isn't necessary to continue displaying their posts - i.e. you can remove their name, screen name, whatever, and retain the actual post contents - then it is questionable how long you need to hold their info for. A website I have had long discussion with the ICO in Scotland about now has a default policy of removing copies of data submitted through the website 90 days after successful submission (since the form content is now in process elsewhere and no longer has any reason to be stored at the submissions portal). If you have held any submissions in draft but then fail to log in for 18 months, both the user details and all submission data are removed.

In the example you describe, the request is reasonable, and deactivating an account may be a sufficient response in the short term, but for completeness I would expect that there should be a policy on retention - i.e. 6 weeks/months deactivation followed by removal of information.

More importantly as data controller and processor, you need to ensure that you do what you say when you say it. Not having a policy is one risk, but falling foul of a DPA-related policy is much worse. The ICO really, really doesn't like that so normally it's easier to just fulfil any removal requests when they come in.

Is it a part of the DPA that has caused the rash of "This Site Uses Cookies" messages which seem to be apearing everywhere recently?

Anyone who doesn't know that sites use cookies fall into the same group who don't know that coffee is hot.

aquaplane wrote:Is it a part of the DPA that has caused the rash of "This Site Uses Cookies" messages which seem to be apearing everywhere recently?

Anyone who doesn't know that sites use cookies fall into the same group who don't know that coffee is hot.

That's the EU e-Privacy Directive. A pile of nonsense really, since simply telling you that cookies are used doesn't achieve the aims of the Directive which was to allow users more control over a site's use of them. It's a single consent requirement, so if a site only uses cookies for direct functional reasons when you grant permission, they can later start using them for ads and all the other stuff the Directive wanted to prevent.

.
erm . . . oh yes, forgot that one. By using this site youse are all deemed to understand this and to accept cookies, OK?

Nick wrote:.
erm . . . oh yes, forgot that one. By using this site youse are all deemed to understand this and to accept cookies, OK?

Brilliant, Ah like the wanns wi chocolate in them- ta. Collect frae yours?

I do not believe you have any need to remove posts, because they are not personal data. Of course they may contain personal data, but that's a different matter. If you delete a profile from Disqus it retains all the posts made, but reassigns them to "Anonymous User" which seems a sensible thing to do.