Once Next have your personal data, they have it forever
In the year of our Lord 2010, it's a foolish man that splashes about his personal data like Old Spice. But what do you do if a business has your information and refuses to delete it?
An avid Bitterwallet reader, let's call him Simon, is locked in a battle with Next over such an issue. Simon recently decided to cancel his Next account, because he had no intention of using it again and didn't want a £900 credit limit in his name floating about in the ether.
Simon phoned Next to cancel his account, to be told it wasn't possible to close his account or delete his details, but a quick email to customer services resolved the issue, and Simon was told his account is closed. Except it wasn't, because Simon could still log into his account through the Next website, where all his details and the £900 credit limit were still intact. So Simon emails Next again:
I recently asked to close my account, but I am still able to log into my account, and I can see there is still a credit limit available. Please delete ALL my details from your system, and remove my credit limit. Please confirm once complete. Thanks.
And Next duly reply once more:
I am sorry that you wish to close your account. I can confirm that this has now been done and no further Directories or promotional literature will be sent, unless specifically requested.
And of course Simon checked, and of course his account was still there. Simon emailed Next a third time, and Next replied once more to say they'd definitely sorted it out this time, right, because his account is blocked, his email address has been removed and the credit limit has been cancelled. Simon checked his account; his details were still there but the credit limit had been removed and so Simon assumed the account was closed.
The next day Simon received an email entitled "Notice of Variation of your Next Directory Credit Agreement" which outlined out changes to the credit agreement Simon thought he no longer had. Another email sent to Next, and another reply:
Although you have requested your account to be closed, we are obliged to inform you of any changes in relation to the Credit Agreement for any future purchases you may make.
Simon emailed a fifth time to say he will not be making future purchases, and insist that the account and his personal details be deleted. Next replied:
The order facility has also been closed at your request, but you will still be able to log in and view your account online as we are unable to remove this facility.
Your account details are held for Data Protection purposes and we cannot delete your account.
So Next are saying they will never delete anyone's personal information - even if a customer has repeatedly asked for their account to be closed - and that Next are doing this for "Data Protection purposes". Baffling, since the Data Protection Act states under the heading "THE DATA PROTECTION PRINCIPLES":
5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
That's the law, then, and it seems rather straight forward; Simon's information was collected by Next for the purpose of opening a credit account, and now the account is no longer required and has been closed, Next shouldn't keep the data. Except they are.
We called Next's press department about the matter, but their spokesperson wouldn't comment unless we sent Simon's personal details to them; even when we simply asked what Next's data protection policy was, the spokesperson refused to answer, making it impossible ascertain whether their treatment of Simon is company policy or poor interpretation of it.
We're following up the story with both Simon and Next, but in the meantime - have any other readers had experiences of company's refusing to delete their personal data when closing an account?