Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Did Your Ex-ISP Purge Your Personal Data? 63

reallocate asks: "When you quit an ISP, do you expect that your personal info and your email accounts will be purged? So did I, but I was wrong. Do you know what your ISP does with your data if you quit them?" At first glance, this would seem to be a reasonable expectation, but these days, businesses are holding your data longer than you'd expect. If someone doesn't know for sure if an old business is holding their personal data, is there any way they can find out?
"Once upon a time, I was a Roadrunner customer. I dropped them and moved to another ISP. A few days ago, I fell prey to a "returning customer" inducement from Roadrunner that will, in truth, save me a few hundred dollars over the course of a year.

However, when the sales agent knew my address before I gave it to her, and the customer service guy I called later knew my Social Security number, although I had not yet provided it, it was clear Roadrunner had not purged my data when I had closed the old account, including user ID and password. Their agents were seeing that data displayed on their screens. And, checking what I thought were long-dead Roadrunner email accounts, I saw they'd been left open and active, with hundreds of messages piling up.

I've spoken with my local Roadrunner office and written their national office, asking about their policy on purging personal data when a customer drops an account, and, if it isn't purged, how they use that data. To be fair, both queries were made over the weekend and I'm waiting for responses."
This discussion has been archived. No new comments can be posted.

Did Your Ex-ISP Purge Your Personal Data?

Comments Filter:
  • After AT&T Broadband internet was handed over to Comcast, I noticed a VERY dramatic increase in spam email sent to my attbi account. Coincedence?

    • When we first got on the internet (1996), some friends and I had accounts with one local ISP. As time went on, we each cancelled our accounts for various reasons except for one guy...

      Fast forward three years and when we were in town, we all used his account... sometime simulataneously. And he stopped receiving a bill, so he cancelled it.

      Fast forward 3 more years and I try out the account. Sure enough, it works and there was some old email in there. Almost all the info was out of date, but a few of us
  • Is this guy serious? (Score:4, Informative)

    by I_Love_Pocky! ( 751171 ) on Monday May 24, 2004 @05:21PM (#9241850)
    Why in the world would he think that they would purge his information just because he isn't a customer any more? I worked for an ISP and our billing software didn't even allow for that sort of thing. You could get fired for deleting a users information for any reason. As a business I think they have to keep that sort of information around for several years for accounting purposes anyway.

    I mean after all, there are plenty of companies out there that have your personal information that you have never even done business with (and they buy and sell personal information all the time).

    Besides, it isn't like it is just ISPs either. How often do you get phone calls from ex-long distance providers asking you to switch back?
    • by Anonymous Coward
      I don't understand this either. I don't expect the bank, phone company, ISP,, the electric company, the place I bought a car from, my insurance company, my doctor's office or anyone else to delete my personal information when I'm done doing business with them. If nothing else, there are often requirements and policies for businesses to retain records for a number of years. And it is otherwise a good idea so that should there ever be a conflict you can prove your case. Or contact the person should
      • I agree about the account information. The e-mail piling up is kind of strange, though. That would bother me.
        • by DaveJay ( 133437 ) on Monday May 24, 2004 @08:09PM (#9243127)
          Agreed about the email. Parent mentioned not expecting a bank to purge your information, but you would certainly expect them to close your active checking and savings accounts (or in an ISP's case, email accounts).

          I had a terrible, terrible bank in Chicago some years back, and when I closed all the accounts and took the last of my money out (in person, I might add) they assured me that the account was closed.

          Well, a check that was still floating around hit the bank a week later (it was months old and very small, so I had chalked it up to a balancing error) and rather than not pay it or contact me first, they paid it out, then sent me a bill for the overdraft charge in addition to the amount. The kicker: I tried to talk to them about it, but all I got were circles of:

          them: "we only honor checks to open accounts, and yours is closed, so we couldn't have paid it"

          me: "but you sent me this overdraft for the closed account saying you paid this out"

          them: "well, the account must not have been closed"

          me: "I have this piece of paper from you saying it was closed a week before this check was paid"

          them: "if you had a check out there, you should have left enough money in the account to cover it"

          me: "I didn't know it was still out there, and how can I leave money in a closed account?"

          them: "You can't leave money in a closed account, but once an account is closed, you don't need to leave money, because we don't honor checks to closed account"

          me: "but you DID..."

          And so on. Took weeks to straighten out. Bluh.
    • by Seumas ( 6865 )
      No kidding. This is the stupidest "Ask Slashdot" ever - and that's saying a lot.

      Why would anyone expect a company they have done business with to delete all records of having done business with them after they're no longer a customer? For one thing, companies are often required by law to retain certain documentation and for another - who the hell cares?

      Why should an ISP be expected to delete their records any more than the electric company, phone company, or the IRS?

      Of all the things to get yo
      • What I want to know is why this guy gave his ISP his Social Security Number? lol. You know you only have to give that number to your bank and the IRS right?
        • by Anonymous Coward
          Sure, you don't have to give it to your ISP if they ask for it.

          Oh, and they don't have to give you service for any reason they decide, including you not giving them your SSN.

          Them's the breaks.

          • by Seumas ( 6865 )
            Actually, I believe you are incorrect about refusing service if you do not give a company your SSN. Social Security Numbers are for employment and government use only and are not supposed to be used for any other purpose. The only people you are required to give your SSN to is some government agents, your employer and your banking institution.

            Whenever anyone else asks for your SSN, simply tell them you wish to use another password or unique identification number.

            I do not give out my SSN. It's a significan
        • True. But try getting service for anything else without giving it out. That horse is out of the barn and down the lane.
  • by sfjoe ( 470510 ) on Monday May 24, 2004 @05:22PM (#9241861)

    Personal data is a valuable asset. No corporation is going to willingly delete that information. If you're an ex-customer, doubly so: there is no "goodwill" to be gained by deleting it and they may be able to recapture you as a customer as evidenced here.
    • In Canada, maintaining this information after you have lost the customer is illegal under the PIPED Act [] which came into effect for corporations unrelated to the government on January 1st, 2004.

      Basically, you are allowed to use personal information only for the purpose you originally stated. Companies that collected this data to provide you with service are therefore legally bound to delete it once the customer cancels their account.

      Very few companies actually do this.
  • Nope. (Score:3, Informative)

    by Phexro ( 9814 ) on Monday May 24, 2004 @05:26PM (#9241892)
    I used to use Qwest, before they got out of the ISP business and tried to get all their customers to use MSN.

    A few months back, I happened to get a bounce on a message to that address. I'd forgotten to update an email notification on a web app I'd built some years back, and the mailbox was full of spam and couldn't accept the message from the webapp.

    It's been... oh, 2? 2 1/2? years since I switched away from Qwest, and the email account is still active. I could probably dial in if they still have dialup access.
  • I know they did, because they're the ones [] who claimed they didn't make ANY backups because then they'd be legally liable for any data they restored. Which was their lame-ass excuse for losing 7 years worth of email and assorted other files when some fool shorted out their hard disk during maintenance, and my reason for finding a new ISP that understood the meaning of responsibility to paying customers.
    • Actually, backup schemes for ISPs is a very complex issue, requiring different retention and destruction protocols for different types of data, that may be difficult to map into filesystems.

      I do agree, however, that "none at all" is a piss-poor disaster recovery regimen, and I suspect you were not the only customer to leave them after their disaster-non-recovery.

      • Oh, absolutely. And if they'd said that there was a legitimate problem with their backups, sorry we can't recover anything, I would still have been pissed, but at least not felt like they were incompetent fools. It makes you wonder if they knew specifically of illegal material being hosted on their servers and chose to turn a blind eye....
  • In the UK (Score:4, Informative)

    by ( 782137 ) <joe&joe-baldwin,net> on Monday May 24, 2004 @05:30PM (#9241922) Homepage Journal
    In the UK, the Data Protection Act mandates that companies not withold data about people if they have no good reason to have it. The DPA: wonder why it isn't an idea that's reached the US yet.
    • Re:In the UK (Score:1, Insightful)

      by Anonymous Coward
      That's because corporations, not citizens, run the United States.
    • Re:In the UK (Score:2, Interesting)

      Couldn't one also come up with a good reason? What about keeping previous customers informed of services which could draw then back? Or ease of reinstating an account for a returning customer? What happens if I purge all data on an account that went deliquent and I never want that person again to receive any service? How do I make sure that same person doesn't come back a few months later and tries to get service again? If I've purged the info, I have no easy way to check out if this is that banned use
  • SBC email address (Score:3, Informative)

    by ChaseTec ( 447725 ) <> on Monday May 24, 2004 @05:31PM (#9241930) Homepage
    I had South Western Bell DSL at one time with an email address of I had to move and ended up someplace without DSL. A year or so goes by and I move again to someplace where I can get DSL again. I tried to see about getting my old email address back. Trying to sign up with the same address told me the it was taken already, given the addesss I figured that was kinda odd so I called them. Apparently the don't(or didn't) ever release old email address because their records showed the the address was a deactivated account that belonged to me and there wasn't anyway to reactivate it or delete it. The guy I talked to said that he'd been told that every once in a while they are supposed to clean out all the old address but in the 4 years he'd been working there it had never happend.

    I guess in a way it's like adding your name to one of those Mars DVDs. That email address will be taken long after I'm gone.

  • The two-headed Qwest (Score:3, Interesting)

    by deque_alpha ( 257777 ) <qhartman@gmai[ ]om ['l.c' in gap]> on Monday May 24, 2004 @05:36PM (#9241985) Journal
    I have had phone/dsl and ISP services off and on for some years from Qwest/USWest and On the phone/dsl service side of things, they delete portions of account information (like SSN) almost immediately. I recently moved and they bunged up the move order. When I called back a day after my new service was supposed to start, and had to start "new" service, they still had my name, address, etc. but no longer had my SSN or any of my old billing information. Pretty good., on the other hand, apparently doesn't get rid of anything, as they still had that (partially obsolete) information when I spoke with them minutes later...
  • This story begins about four years ago when cable giant Charter came to La Crosse, Wisconsin and gobbled up the local cable company. One good thing to come out of this was, finally, relatively affordable broadband in the area. So, a friend of mine signs up for it. After about a year he moves out and his parents go back to dialup. Recently, his mom has become a bit more tech savvy and desires broadband. He stops by to help her out the day the Charter guy comes to install it, and much to his surprise, th
  • Not Where I work... (Score:1, Interesting)

    by Anonymous Coward
    I do tech support for a fairly large ISP in Northern Nevada. I can login and view information about a customer's account anywhere in the 10 years they have been in business with one command. If I go to another interfact, I can seartch deeper and get more info. It would be extremely easy to get a less-than-honest person working in here who could get a lot of sensitive information. Seeing this sort of availiblity to some people on a first-hand level makes me a little bit more afraid of what could happen (read
    • Employee misuse of the data is the point that really concerned me. Widespread abuse by the company would draw attention, but a single employee could maneuver under the radar.

      On a related topic: You know when companies say "this phone call may be recorded for quality purposes..."? Ask them sometime if you are allowed access to recordings of your phone calls (without a lawyer and a subpoena, that is...). The tapes are used for dispute resolution, as well, but you'll have to take the firm's word about what
  • by DynaSoar ( 714234 ) * on Monday May 24, 2004 @05:48PM (#9242106) Journal
    I've worked for several since before they were called ISPs (networked BBS's at best). They don't delete customer info. Even before they figured out that personal data was worth money, they knew that a customer was a customer, whether active or inactive. The latter usually meant "not presently using our service" as weasel words for "ex-customer", though I know of one instance where it meant "dead". How else could they claim those enormous numbers of users? It was everyone who'd ever signed on for even a brief time. If every user claimed by every provider were active at that time, there'd be more active accounts than people on the planet.
  • Data protection act (Score:4, Informative)

    by Trevelyan ( 535381 ) on Monday May 24, 2004 @05:49PM (#9242122)
    In the UK, under the data protection act a company that holds data on people must register with the authorities, and must provide you with all data they hold on you if you request it (they are allowed to charge up to 10 pounds for things like "handling"). Also they should apply any corrections you give them.

    Some Co. do try to not tell you, in the hope your dont know you rights, just point out you do.
  • before leaving an ISP. It just always seemed to me to be the nice thing to do. I'd also set up mail forwarding in the shell account, with an autoresponder giving my new address in non-machine-readable format.

    Teleport was forwarding e-mail to me still 6 months later.
  • Every time I've changed ISP's, I've always deleted everything after moving it to the new place. Files, folders, web pages, email archives, everything.

    As to the personal info you give them when signing up, I don't expect them to get rid of it. Nobody else does, why should the ISP be any different? Plus, I think businesses are required to hold onto records for 7 years.
  • by jamus ( 1439 )
    I was inthe Windows 95 preview program, and in the MSN beta. I think I stayed with them for a couple months after that.

    Fast forward about seven years. I've had at least seven different mailing addresses since then. I get a letter saying that I was a valued customer and they wanted me to try their newest version.

    It's pretty obvious that MSN has never purged their databases.
  • A friend of mine swapped ISP's when he started doing helpdesk work for one. His old isp stopped chargin him of course, but the email account didn't close. Just for laughs once he tried reading his mail via POP3 remotely.... and he's been using that email account for free ever since.
  • There's a million and a 1/2 reasons why they would keep your info in their database. Let me give just a couple examples. 1.) What if you at one time had their cable modem service and they provided you with a cable modem. Upon disconnecting service you never returned it, and tried to either re-register with your name or someone else's name at a later time. Or you sold it at a rummage sale. When you or the person that now has it tries to re-activate the service they will see that the modem was last on you
  • I was attending a sales presentation for some database software (don't remember what it was) in the late 1990s when a person in the audience asked about Y2K compliance. The salesmen proudly proclaimed that the software could handle dates from 1850 to 2450. Another hand goes up. He claims: "I'm with the Hudson Bay company, and we have diliquent accounts going back to 1630." The salesman thinks about it for a second. He replies, "When was the last time you collected on one of them?"

    Which I guess brings this back on topic. Apparently some companies keep your information for multiple centuries.

  • Nonetheless, brings a few things to mind.

    Of the free web accounts I've used, I have noted a couple of things. One, they don't purge the userid or whatever data they collect; but two, they do purge the data in your home directory. Crosswinds did this to me a while back on a bogus allegation of spam.

    As far as ISPs, while the personal data is held, the user data is either backed up to tape and purged after a fashion (Speakeasy []), summarily deleted if present (Earthlink - or more correctly, Mindspring did t []

  • A year ago I moved out of state; my old ISP had been bought out and was going downhill fast anyway, so the only good thing about the move was ditching them... To this day, however, my old web page is still online - I still get an occasional request from someone who's Googled the pics I put up of the stuff I was trying to give away just prior to leaving town.

    Leaving the obvious issues and questions aside, I think this just falls under the broad category of "If this was our biggest problem, we'd be doing OK
  • These databases can be thought of as a small protection against spamming and other obnoxious behavior. I've worked on video rental systems with information (remember- they have either your SSN or your CC#) many years back. Even the managers cannot delete these records.

    This is to cut down on multiple accounts (ie, I rent 5 movies, never return them, and instead of paying up I simply try to open a new account) as well as other issues surrounding liability (my son was never listed as a supplemental customer on my account! How could he have rented $150 worth of video games!) and so on.

    However, I believe that a reasonable time frame should be established to purge or refresh old information, just as businesses are required to keep account statements back 7 years.

  • by jm92956n ( 758515 ) on Monday May 24, 2004 @11:43PM (#9244334) Journal
    A while back (nearly six years ago, to be exact), I cancelled service with my local ISP. Though they deleted my email account, my FTP account was not touched. I still use it on a regular basis to host files. According to Netcraft [] the server is running WebSTAR/4.2, some old ancient Mac software that I've never seen elsewhere. I'm convinced my account will remain until there's a hardware failure.

    There's little to no cost associated with maintaining this data. It would probably cost them more in man-hours to delete my account than it would to just leave the account in place.
  • 4 Years ago, I got RoadRunner at my house *yay*

    We canceled our dial up that day.
    I can still dial into it, 4 years later, with no problems. Our webspace is still there too, and I've even checked the email a few times.

    I've used it quite a few times, when RR goes down, or if I'm at someone elses house on my laptop.

"If you lived today as if it were your last, you'd buy up a box of rockets and fire them all off, wouldn't you?" -- Garrison Keillor