funsec mailing list archives
Re: Bill Would Force Web Sites to Delete Personal Info
From: Mike Owen <kyphros () gmail com>
Date: Fri, 10 Feb 2006 13:59:49 -0800
On 2/9/06, Fergie <fergdawg () netzero net> wrote:
Via C|Net News. [snip] A bill just announced in Congress would require every Web site operator to delete information about visitors, including e-mail addresses, if the data is no longer required for a "legitimate" business purpose.
Well, just read that bill. It's very simple, and seems quite easy to ignore as it stands. I'm obviously no lawyer, but this phrase sounds like it's business as usual, and now legally sanctioned: "An owner of an Internet website shall destroy, within a reasonable period of time, any data containing personal information if the information is no longer necessary for the purpose for which it was collected or any other legitimate business purpose, or there are no pending requests or orders for access to such information pursuant to a court order." Specifically, this part: "if the information is no longer necessary for the purpose for which it was collected" Seems to me like if you state in your business plan, that you're keeping data because you want to keep it, or something to that effect, it would be within the letter of the law, and you'd be fine. "No deletion neccessary, the purpose for keeping data is to ensure you have a history of a user's transactions and information for fraud prevention, and to offer personalized services". Or make up some some other bullshit that basically states you're keeping everything forever. Mike _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Bill Would Force Web Sites to Delete Personal Info Fergie (Feb 09)
- Re: Bill Would Force Web Sites to Delete Personal Info Mike Owen (Feb 10)