Archived Boards and Threads... > SMF Feedback and Discussion

[Brainstorming] EU data protection regulations

<< < (2/2)


--- Quote from: CircleDock on May 01, 2012, 01:17:41 PM ---The applicable legislation in the UK is the Data Protection Act which is enforced by the Information Commissioner (ICO).

Forums necessarily record the username, email address, password, the IP Address used to register and the last-used IP Address. As far as the Data Protection Act is concerned, none of these is considered to be private information and thus can be retained without the need for the website to register with the ICO as a Data Controller.

But users often beef-up their profile with other information which could be used to identify them. Whilst they remain a member of the site, there's no problem since they have access to that information and can modify or remove it at will. A problem does occur if a member is banned since they no longer have access to their profile or private messages and thus can not remove them. Sites that retain this information should either register with the ICO or remove that personal information.

This can be overcome by extending the ban function to include removing non-essential information from the members' profile along with all his sent and received PMs.

--- End quote ---
For ages we've had our registration agreement include a specific stipulation that we are not required to delete anything, and people must agree to this as part of the registration process.

You really need this if you aren't going to open yourself to being played. Usually you want to ban trolls and spammers. Both will keep coming back, and you need ways to track them and block them. This means you need to keep records on them for comparison with new applicants. Deleting all their PI whenever you ban them isn't going to work.


[0] Message Index

[*] Previous page

Go to full version