PlusNet Data Retention Policy

1. Introduction
2. Definitions
3. Background
4. The Policy
5. Data Retention Schedule
6. Personally Held Electronic Information
7. Security
8. Enquiries and Change Control

 

1. Introduction

The information contained in this policy represents the actions taken by PlusNet concerning all data, and its storage or deletion.

This information in this document is compliant with the BT Data Retention Policy. The BT Data Retention Policy is mandatory for all BT Business Units within the UK and therefore overarches this document. This is a mandatory policy for PlusNet PLC.

This policy makes up the customer-facing aspects of our internal policy and is reproduced almost word-for-word.

This policy makes reference to, and should be read alongside, our Data Retention Schedule.

[Top]

2. Definitions

Term or Phrase	Definition
Filestore	PlusNet's internal offline secure file storage system for all types of documentation

[Top]

3. Background

The information contained in this document has been written based on information provided by the Data Retention Manager of BT plc.

PlusNet require an information retention policy to ensure that we retain all information that we have an obligation to keep and that information is deleted where there is no business or legal requirement for it to be retained. The reasons for the necessity of this policy include:

• To comply with legal and regulatory requirements.
• To support PlusNet's case if we need to bring / defend legal proceedings or if PlusNet is under investigation.
• To preserve information that has historical value.

PlusNet must ensure the Policy is implemented and that files and documents are regularly reviewed and disposed of when they are no longer needed.

[Top]

4. The Policy

This policy is owned by PlusNet PLC, and covers the retention and disposal of all data held by PlusNet and its associated brands.

Billing related Customer Data

Customer information will be retained for 6 years and 1 quarter. This is in accordance with VAT regulations and the Limitation Act of 1980.

The information provided in the PlusNet Data Retention Schedule details what specific information shall be retained.

Customer Data (not billing related)

The Data Protection Act states that information should be retained only for a period where there is a business need. PlusNet’s policy is set for a maximum period of 2 years, although some data will be deleted prior to this. (This is detailed in the PlusNet Data Retention Schedule.)

In addition, any retained information can only be used for the purpose for which it is stored. This is compliant with the Data Protection Act 1998.

There are certain occasions when information needs to be preserved beyond any limits set out in the Policy. The Policy must be SUSPENDED relating to a specific customer or document and the information retained beyond the period specified in the PlusNet Data Retention Schedule in the following circumstances:

• Legal proceedings or a regulatory or similar investigation or obligation to produce information are known to be likely, threatened or actual.
• A crime is suspected or detected.
• Information is relevant to a company in liquidation or receivership, where a debt is due to PlusNet.
• Information is considered by the owning unit to be of potential historical importance and this has been confirmed by the Head of Data Retention.

In the case of possible or actual legal proceedings, investigations or crimes occurring, the type of information that needs to be retained relates to any that will help or harm PlusNet or the other side's case or liability or amount involved.

If there is any doubt over whether legal proceedings, an investigation or a crime could occur, or what information is relevant or material in these circumstances, the Head of Data Retention should be contacted and take legal advice sought.

It is everyone’s responsibility to ensure that the Policy is adhered to; however, automation will be in place where possible to ensure that data is correctly managed as per the Data Retention Schedule.

[Top]

5. Data Retention Schedule

The Data Retention Schedule is a comprehensive list of information items, held by PlusNet, which must be retained for specified periods of time for legal, statutory, fiscal, historical or operational reasons. It must be read in conjunction with this Policy.

The information contained in the Data Retention Schedule is compliant with the BT Data Retention Policy and Schedule.

[Top]

6. Personally held electronic information

Personally held electronic information is relates to an individual that has custody information in certain circumstances may cause PlusNet to be:

• Legally bound to a certain course of action.
• Contracted to a supply or purchasing agreement.
• Construed as a business record of PlusNet.

This information is stored in an uncontrolled system or an individual Personal Computer or Laptop Computer.

Personally held electronic information in these circumstances is subject to Section 4 of this document and the following directives apply:

For email, electronically stored documents and files;

1. Any retention period relating to any electronically generated or modified file (including email) is governed by its content.
2. Each user of any computer system or software program is individually responsible for retaining or deleting electronic information in accordance with the PlusNet Information Retention Policy.
3. All material that does not need to be retained should be deleted as soon as possible after receipt, creation or use.
4. Data stored in any computer or networked system (either on-line or offline, in personal folders or archives) must be reviewed at least every year. It is recommended that it is reviewed at least every 6 months needing a current good business reason for further storage.
5. Where it is possible, PlusNet staff should store retained files in Filestore; the shared, internal, network storage device.
6. Where a file is stored on another medium for information retention purposes, (paper, CD, disc etc), the original electronic file should then be deleted.
7. Each individual user is responsible for determining which files and electronic media should be retained as business records in accordance with the PlusNet Information Retention Policy and their business unit requirements.
8. Retention periods should be governed by the creation date or issue date of the information, not from the date of the last data save.
9. Retention periods should be noted in any document footers for clarity purposes, where possible.

[Top]

7. Security

PlusNet information must be both protected and disposed of in accordance with the PlusNet security policies, using appropriate security classification privacy markings.

[Top]

8. Enquiries and Change Control

This document is subject to the PlusNet Change Control process. Any amendments must go through this process prior to release.

Enquiries:

Head of Data Retention
PlusNet PLC
Internet House
2 Tenter Street
Sheffield
S1 4BY

[Top]

Policy Changes

We will list changes to the policy as they occur, to make it easier for you to see if and how the policy has altered since you last read it.

Date	Change Summary
13th July 2007	Policy first published