recruiter spam and removing my details from agency databases

I'm sorry to be the one to inform you, but you don't actually have a right to require organisations to remove information that they hold about you (including your CV) from their records.

It's amazing how many people misunderstand the DPA, and assume that it gives them far more rights than it really does. This is the full text of the Act, and this is a summary of eight of its Key Principles. You'll notice that at no point is any right to require information that organisations once legitimately collected about you to be removed from their records mentioned.

You have the right to require organisations to stop contacting you. You have a qualified right to require them not to share the information they hold about you with anyone else without your consent. You have a right to have factually incorrect information about you corrected. And, in order to collect information about you in the first place, organisations require your consent. Also, most businesses are interested in doing business with people; part of that outlook sometimes involves agreeing to do things they don't strictly have to do. However, once your consent has been initially obtained, there's no retrospective right to have information that has been collected about you deleted.

I once worked for a company that provided identity verification services for organisations like online casinos, dating websites and the like. Basically, anywhere that you had to prove your identity/age/etc in order to engage in a transaction or establish trust. Just occasionally, you'd get someone contacting the organisation I was working for, and demanding that their details be removed. (Usually they'd rediscovered their information was being held by a third party they didn't immediately recognise by requesting their own record from a credit reference agency, or sometimes they'd simply change their minds for whatever reason and demand to get their details back). On occasion, to prevent bad publicity, our organisation agreed to remove the details in question. Other times not. If some kid registered for a dating agency using their dad's credit card (who had the same name), for example, in order to try and falsely persuade older women that he was of their age to fraudulently misrepresent himself to them, that's kind of the type of thing they'd want to keep a record of, however the subject of the data himself might feel about it. It's not always about protecting the person whose consent you originally obtained; it's also often about protecting the people that individual would like to do business with.

Similarly, agencies have a right to retain your CV, so that you don't submit one later that is greatly more impressive than the one you would have preferred them to have removed from their records. Occasionally, if you have valuable skills and you have a legitimate reason for requesting they remove your CV, they might agree to your request, but they're under no compulsion to do so. E.g., plenty of people have a "management experience emphasis" and a "technical experience emphasis" version of their CV, and some even have a version of their CV that is organised by chronological appointments and another one that is organised by relevant skills. Many agencies will agree to remove one or the other from their records, or withhold one or other less relevant versions, when recruiting for roles for which one or other version would be more appropriate, provided they contain largely the same record of your achievements and experience.

The only time I've ever got the ICO involved in a case of an agency playing dumb and pretending to remove my CV (but not really doing so), was with The IT Job Board and Progressive (which you'll find commonly and more accurately referred to as "Regressive" amongst contractors). I'd made the mistake of doing a couple of gigs through Regressive back in 2001 or so, and so my CV had ended up in their files. Both they and TITJB are part of the same group of companies, but are not the same legal entity. When TITJB kept sending me unsolicited e-mail and 'surveys' asking how much I was making on a regular basis, and they failed to stop after I'd 'unsubscribed' using their comedy website, and after I'd finally called and sent a registered letter informing them that I required them to delete my details as they'd never obtained my consent to hold information about me in the first place, that's when I got the ICO involved. [When I'd called TITJB, I'd had the joy of speaking with what appeared to be some work experience youth. He first asked me how to spell my name – as both Rachel and Pierson are names that have possible alternative spellings when you merely hear them spoken – then announced that he "couldn't find my details anywhere" in their system. When I told him to get his act together, he typed a few keys, then said "right, that's them deleted" in a voice that was smug and apocryphal in equal measure. Still, it was a useful call to be able to refer to a recording of later when the ICO asked what steps I'd taken to try and get them to comply before finally asking them to deal with the problem.]

So, if I were you, and it's an agency that legitimately holds a CV you once sent to them that you're talking about, I'd forget it. Ask them to stop contacting you, and if they fail to do so complain to the ICO about that alone. Only make a fuss about them deleting your CV completely if they've never had your consent to hold it in the first place, and an annoying youth mistakenly tries to treat you as if you're stupid and annoys you into pressing the matter further.

Sorry to disagree with you, but you are wrong. And I worked with the DPA \ IC.

An organisation can only hold information electronically or other medium, for its specified purpose. Once that purpose ceases to exist, the Act states the data \ information must be destroyed. Not destroying data \ information no longer required is an offence...

Further to what BB said principle 5 states data can be deleted once it's no longer needed - Principle 5 of the Data Protection Act - Guide to Data Protection Act

Many of the recruitment companies who have had my data, email me to inform me that if I don't send them an updated CV they will delete/remove my details from their database.

Some do this about 8 months after I've last had contact with them others take 4 years.

One thing that needs to be remembered is that if you ever give your details to one of those jobsites they may continual give your details to recruitment agencies and it may be the same one. So the agency will have to keep some information about you i.e. name, email address and phone number to ensure they don't contact you.