I’m sure that most of us have a Skype account. It’s the sort of thing that everyone creates, tries out, then either uses religiously, occasionally, or not at all. And the occasional users (like me) may have more than one account, having periodically forgotten their login credentials and found it easier to create a new account.

So it was interesting to read that the Italian data protection regulator has raised an issue to do with the account closure provisions adopted by Skype, which raises a debate that has been around for some time: when, or rather should, we delete data? Skype argue that when subscribers delete their accounts, it is good practice and necessary to simply mark the account as inactive – essentially to flag it as “deleted” but not to actually delete the record. That way they can preserve the uniqueness of login details for subscribers and allow un-subscribers to resurrect their account should they wish to. It’s also a long-held data management principle that nothing should be actually deleted – just updated or re-flagged so that a full audit history of changes to a field on a database record is available.

Is that practice at odds with data protection legislation? Possibly not, as we are allowed to retain data as long as is necessary for the purpose(s) for which it was collected. And arguably it actually helps you meet the requirements of the Fourth principle (the responsibility to keep information accurate and up to date), because a trail of changes will demonstrate not only an attempt to maintain accurate data but also the speed at which changes were implemented.

But do you really want to store all of that redundant data? The implications of a security breach are heightened if you are holding more data than is necessary, and particularly if some of that data is sensitive or confidential. If ITV had not had the latest pictures of the Duchess of Cambridge in their possession, then they would not have run the risk of accidentally broadcasting them on live TV.

Celebrity data remains big business, and so it was surprising that the email account of a former US President was hacked. One would have assumed that it would have been better protected, if not impregnable. Fortunately it was only the personal photographs and emails of George W Bush that were put into the public arena, but by implication it could have been worse or more embarrassing. Rather like the accidental disclosure of medical information about Manchester United and England player Phil Jones. Sir Alex Ferguson was critical of the England camp for disclosing that the player was suffering from shingles, and rightly so, although it’s doubtful that the complaint, which was levelled as an unauthorised and inappropriate disclosure of the player’s sensitive personal information, will be investigated by the Information Commissioner.

