S
(Shovel)
Guest
Ello all, after a bit of help with a Uni project.
We've got a big development project based around a ficticious Flight Operator. It's essentially to design a complete computerised system for customer bookings through to flight and fare management and marketing.
It's marketing where things get a little legal. Data Protection is something I'm trying to cover, since we have to provide a presentation on the project, but not from a "technical" angle (more for the perspective of the company itself).
Now, DP principal number 5 says that data should not be held for "longer than is necessary". Nice an exact.
1) So, this system takes the name and contact details of passengers, once they've been on their flight, so far as I can see there is no need for the company to keep their details. However, this is dedicated to air travel, so are there any police requirements to keep hold of passenger details for a length of time after they fly?
2) There is a club for frquent fliers - usual points means prizes type set up. Now, my understanding is that joining the club would include opting in to keeping the link between you and your flights for longer than this, which for the company provides direct mail oppotunities etc. Is this correct? Or would even club members be protected to have their details separated from their flights after a length of time?
3) Payment: Payment details get stored, after the money has been taken, is there any reason to keep this? I've been told that there may be company tax reasons to hold on to it, if that's true, does that mean holding on to the whole hog - names, addresses, card numbers everything? Or just some specific key information?
4) Is it correct that once a link between a flight and a passenger is broken (the flight information made anonymous) there is no problem with keeping the flight info forever?
Essentially, I'm after knowing how long each section of data needs to be/can be kept for, so that this can be made part of the design, and presented to the company.
Thanks very much,
Ben
We've got a big development project based around a ficticious Flight Operator. It's essentially to design a complete computerised system for customer bookings through to flight and fare management and marketing.
It's marketing where things get a little legal. Data Protection is something I'm trying to cover, since we have to provide a presentation on the project, but not from a "technical" angle (more for the perspective of the company itself).
Now, DP principal number 5 says that data should not be held for "longer than is necessary". Nice an exact.
1) So, this system takes the name and contact details of passengers, once they've been on their flight, so far as I can see there is no need for the company to keep their details. However, this is dedicated to air travel, so are there any police requirements to keep hold of passenger details for a length of time after they fly?
2) There is a club for frquent fliers - usual points means prizes type set up. Now, my understanding is that joining the club would include opting in to keeping the link between you and your flights for longer than this, which for the company provides direct mail oppotunities etc. Is this correct? Or would even club members be protected to have their details separated from their flights after a length of time?
3) Payment: Payment details get stored, after the money has been taken, is there any reason to keep this? I've been told that there may be company tax reasons to hold on to it, if that's true, does that mean holding on to the whole hog - names, addresses, card numbers everything? Or just some specific key information?
4) Is it correct that once a link between a flight and a passenger is broken (the flight information made anonymous) there is no problem with keeping the flight info forever?
Essentially, I'm after knowing how long each section of data needs to be/can be kept for, so that this can be made part of the design, and presented to the company.
Thanks very much,
Ben
