Retention periods for OLAF personal data processing operations

Transcription

1 s for OLAF personal data processing s Notification I. Investigations and Operations 176 Internal investigations With follow-up: 15 yrs, to be reviewed in DG 177 External investigations Without follow-up: 8 yrs, to be reviewed in DG 179 Coordination cases DG 180 Monitoring DG 178 Dismissed cases 5 yrs, to be reviewed in DG 133 Fraud notification system Improper and pointless messages deleted immediately; if data becomes part of case (or non-case) file, retention period of case governs; if data exchanged with MS under Mutual Assistance, 10 yrs; if data exchanged with MS under irregularities, 3 yrs. 0.1 II. Intelligence 89 Intelligence If data becomes part of case (or non-case) file, retention period of case governs; if data exchanged with MS under Mutual Assistance, 10 yrs; if data exchanged with MS under irregularities, 3 yrs; where no other rule applies, 5 yrs; where review indicates data no longer relevant, deleted immediately. C Information processing preceding establishment of request for EWS flagging Depending on the category of warning, an active time limit is applied to the EWS warning. In such cases, the EWS flag is deactivated as soon as the fixed time period has elapsed. The retention period of the data and any documentation is 7 years from the end of the year in which the flagging ends. For example, if a flagging ends in May 2007, then the data will be made anonymous at the latest on 31 December 2014 (which is 31 December 2007 plus 7 years). D Council Reg (EC) Pursuant to Art 7 of Commission Reg (EC) no 745/96, any operator will be deleted from system of identification and notification at end of period of application of measure concerned and when that person shall no longer be treated as person implicated in irregularity on bas of first notification. Pursuant to Art Art. 3 (4) of Commission Reg (EC) no 745/96, as regards measure referred to in point (c) of Art 3 (1) of Reg (EC) No 1469/95, period of application minimum of 6 mos, except in duly substantiated exceptional cases, and maximum of 5 yrs.

2 Data held no more than 4 yrs after irregularity in question was committed pursuant to Art 8 (2) of Reg (EC) no 745/ Investigative Data Consultation Platform (IDCP) Personal data in the IDCP will be stored for a maximum of 10 years. After the first 3 years, data will be reviewed annually using automated and manual checks in order to ensure that data are held in accordance with the 10 year retention period. The maximum retention period for data received from IDCP partners may be shortened if the partner so requests. Relevant personal data extracted from the IDCP may be retained in OLAF's case files which are stored for a maximum of 15 years. C Search Facility The data will be stored for 10 years. Data are subject to annual reviews using automated and manual checks once data have been held for three years in order to ensure that data are held in accordance with the agreed retention period. 0.1 III. Mutual Assistance 17 Customs Information System 1) In accordance with provisions in Art 33 R.515/97, data included in C kept for time necessary to achieve purpose for which included. Need for their retention shall be reviewed at least annually by supplying C partner. 2) Supplying C partner may, within review period, decide to retain data until next review if retention necessary for purposes for which included. (EDPS instructed to limit extension to cases where real necessity.) 98 Fide database Data storage period depends on laws, Regs and procedures of MS supplying them. Maximum periods, from date of entry of data in investigation file: (a) data concerning current investigation files: no > than 3 yrs without any irregular being observed; data must be deleted before that time limit if 1 yr elapsed since last observation; (b) data concerning investigations in which an irregular has been established but which have not yet given rise to conviction or order to pay criminal fine or administrative penalty: no > 6 yrs; (c) data concerning investigations which have given rise to conviction or order to pay criminal fine or administrative penalty: no > 10 yrs. At all stages of an investigation file as referred to in paragraph 1(a), (b) and (c), as soon as person to whom Art 41b applies cleared of suspicion under laws, Regs and procedures of supplier MS, data concerning that person immediately deleted. FIDE automatically deletes data as soon as

3 maximum storage period has elapsed. Combined periods no > 10 yrs. 117 Irregularities At least 5 yrs and up to 3 yrs after closure of administrative, financial and judicial procedures related to reported irregularity and closure of programme//measure concerned, in conformance with financial provisions relating to specific areas of budget concerned. 151 Implementation of Article 325 by the Member States electronic questionnaire The list of responsible and contact person is continually updated. Non-relevant data is immediately deleted. 159 Virtual Operation Coordination Unit (Virtual OCU) For maximum period of 10 years. 160 Mutual Assistance Broker (MAB) exchange 165 Antifraud Transit Information System (ATIS) The data are retained for a maximum period of one year. The data retained for a maximum period of 10 years. IV. Legal affairs and relations with outside bodies 23 Regular monitoring of implementation of investigation function 10 yrs after date follow-up completed in line with OLAF's retention policy. (EDPS has asked that th be reviewed in 2009). SC 54 Processing of requests for access to documents under Reg 1049/ Processing of complaints received from European Ombudsman 5 yrs C.4 10 yrs after decision of Ombudsman issued. C OLAF NDPO&R 5 yrs DPO 111 Investigations by OLAF DPO 5 yrs DPO 152 Processing of requests and complaints under Art. 90a of the Staff Regulations 174 Processing of complaints from the European Data Protection Supervisor The files related to those complaints are retained for a maximum of 10 years after the response has been sent, in line with DG HR's policy. Where relevant, data held as part of an investigation file are kept for a maximum of 20 years. Files related to complaints to the EDPS are retained for ten years after the decision of the EDPS is issued. Where relevant, data held as part of an investigation file are kept for a maximum of 20 C.4 C.4

4 years. V. Meetings, conferences, seminars, training and contacts 19 Mutual assistance committee group 20 Irregularities and mutual assistance-agricultural products group 41 Financial management of external participants in OLAF meetings, conferences and seminars 42 OLAF staff participation in external training and seminars OLAF may keep both electronic and paper files relating to Irregularities and Mutual Assistance Group for up to 20 yrs after date on which Group held meeting. 5 yrs R.2 5 yrs C.2 44 General contacts, communications 45 Journalist contacts 46 OLAF Anti-Fraud Communicators Network (OAFCN) contacts 49 Organization of OLAF conferences 51 Management of internal training events 52 Management of external training events Until data subject requests to have his/her name removed from list. Until data subject requests to have his/her name removed from network. Participant lists, together with all documentation related to specific conference event, retained for 5 yrs from date of payment of balance to subcontractor involved in training event, in accordance with requirements of Financial Reg. Where no sub-contractor, documents retained for 5 yrs from date of action. Participant lists, together with all documentation related to a specific training event, are retained for five years from the date of payment of the balance to the sub-contractor involved in the training event, in accordance with the requirements of the Financial Regulation. Where there is no sub-contractor, the documents will also be retained for five years from the date of completion of the action. Lists of participants and speakers/contractors contact details, together with all documentation related to a specific training event, are retained for a period of five years from the date of payment of the balance to the sub-contractor involved in the training event, in accordance with the requirements of the Financial Regulation. Where there is no subcontractor, the documents will be retained for five years from the date of completion of the action. C.2 C.2 DG C.2 C.2

5 57 Organisation of meetings of Advisors Committee for Coordination of Fraud Prevention (COCOLAF) and its subgroups 60 Protection of euro groups: organization of meetings/conferences Contact list continually updated. When person no more member of COCOLAF or its sub-groups, his/her name and contact/professional data immediately deleted. 5 yrs from date of payment of balance, as required by Financial Reg. D.3 D Task group cigarettes conference participation list 154 Internal Survey on OLAF internal training List updated every year. B.2 maximum 6 months C Management of external training events in the area of computer forensics 184 List of contacts in third country authorities and international organisations The OLAF European Computer Forensic training data base and the lists of training participants and trainer contact details, together with all documentation related to a specific training event, are retained for a period of ten years from the date of registration of the applicant, in accordance with the requirements of the Financial Regulation. OLAF will immediately remove the data of any data subject from the list when it is informed by the data subject or his/her employer that the contact is no longer relevant. Thus, OLAF will constantly update the data on the list. OLAF will also review the list on a yearly basis to ensure that it is up-to-date. C.3 D.3 VI. Surveys and audits 139 Internal survey on perception of OLAF amongst all Commission staff 190 Study on corruption in public procurement 192 Evaluation of the PERICLES programme 196 Staff opinion survey in OLAF 3 mos, during which individual survey results will be aggregated. The data will be retained for a period of maximum two years following the finalisation of the study. Maximum of 3 years. Data will remain in the database until the results have been completely analysed and will be deleted when they have been usefully exploited, and at the latest after 1 year from the end of the consultation. R.1 D.1 IAC R Performance audit of AFIS Maximum of 1 year. IAC 198 OLAF human resources needs analysis R.1

6 VII. Administration 39 Verification of salary of OLAF staff 40 Invoicing for private use of service GSMs 48 Administration of Hercule Programme 61 Management of Pericles Programme 5 yrs, as required by Financial Reg. (Deletion during closure exercise for budget year Y+5). As soon as possible and no > 6 mos after collection, unless they need to be kept for longer period to establish, exercise or defend right in legal claim pending before court, in accordance with Art 37(2) of Reg 45/2001. As stipulated in privacy statement, after six mos, all "non-declared" calls will be ear-marked "P"rivate and their cost deducted from next payroll (see privacy statement). Documents related to grant agreement: 5 yrs from date of payment of balance, as required by Financial Reg. 5 yrs from date of payment of balance, as required by Financial Reg. R.2 R.2 D.5 D.5 72 Staff contracts (intramuros) Duration of contract + 5 Yrs R Internal audit process Audit report will be kept indefinitely. Type of document considered to be 'document of administrative value' as defined in Art 1 of Council Reg 1700/2003 setting out categories of documents which would be placed in historical archives of European Union. Art 85 of Financial Reg requires internal auditor to operate in compliance with relevant international standards. Institute of Internal Auditors (IIA) produces 'practice advisories' which recommend to audit bodies how to operate to meet international standards. In case of time limits for retention of supporting documentation, IIA does not suggest particular time period but says that they should be maintained long enough for issues raised to be resolved and that records should then be destroyed. IA of Commission works on three year audit cycle. Audit documentation should be available for consultation throughout following audit cycle to measure to what extent issues have been resolved in manner proposed in previous audit cycle. Maximum 6 yrs unless issue remains unresolved in which case documentation on that issue would be retained for longer. IAC 156 Publications of photographs of OLAF staff on the OLAF intranet Photos and contact data for the data subjects is published in the Trombinoscope and Who Does What for the duration of their contractual relations with OLAF. When the member of staff leaves OLAF, his/her data will be deleted from these processing s. Photos of events will be published for a few days. C.3

7 Photos will thereafter be deleted. 168 THOR (The OLAF Registration system) Registration of OLAF al documents 194 Time Management System The retention policy is dictated by the retention policy in the Common Retention List (SEC(2007)734). The personal data of OLAF staff will be kept until the direct superiors have validated it and it has been transferred to the Commission's Flexi-time System. This will be a maximum of 3 months. C.1 C.1 VII. IT 67 Images of hard disks of staff PCs 68 Incident management tool Get SMC 73 Case Management System (CMS) user registry 75 Change request system (CRS) for internal applications 6 mos R.3 3 yrs R.3 20 yrs C.1 3 yrs C.1 81 AF user register and IT service management tools Personal data of users only kept while users officially allowed to access AF applications. OLAF contacts AF Liaison Officers appointed by national administrations at beginning of each calendar year to request feedback on status of all their AF users. Users reported inactive will be deleted from AF Directory and all of their personal data will be removed from system within period of 12 mos. 83 Firewall Management servers 84 Computer rack access management Core Business Information Systems (CBIS) 1 yr R.3 1 yr R.3 OLAF 86 DPO Customs Communication Network (CCN) Gateway Personal data of users only kept while users officially allowed to access AF applications. OLAF contacts national administrations at beginning of each calendar year to request feedback on status of all their AF users. Users reported inactive will be deleted immediately from AF Gateway. R.3 97 OLAF IT infrastructure Log files can be divided into 2 main groups: (1) log files where administrator can specify fixed period of time after which entries will be removed and (2) log files where administrator specifies maximum physical size and once limit has been R.3

8 reached, oldest entries will be overwritten. For second group, retention period depends on size of file specified by administrator and activity of underlying HW/SW component. System administrators can only try to estimate maximum period of time entries will be kept on average in log file, and limit size of file to implement specific retention period, or remove older entries manually. As of January 2007, OLAF will work towards 6 mos limit for system and database log files. 137 OLAF CCTV security system 138 OLAF identity and access control system 1 yr R.3 1 yr R CBIS Identity & Access Management System Personal data will be deleted from the IAMS system when a person leaves OLAF, unless the person is a user of the Case Management System (CMS) in the case of which retention periods as notified under DPO-073 apply. Persons having had access to CMS will be disabled in the IAMS and all personal information, except the name and organisational entity of the user, will be deleted. The smartcard will be erased and reused by another user or destroyed. Logged access control information will be kept for six months. These data are needed for investigating security incidents. R.3