Any rules on data retention?

I recently received a privacy statement from Standard Chartered Bank explaining how it uses the personal data it collects, in the light of the Personal Data Protection Act, which came into full effect earlier this month.

The problem is that I have not been a customer of the bank for more than a decade.

In 1999, I held a credit card with the bank, but after the card was phased out after about three years, I have not had any further dealings with the bank.

I contacted the bank and was initially told that I had not cancelled the card. When I pointed out that it had already been phased out and I had not received any more card statements, the bank realised its oversight and said it would delete my data.

I wonder if banks are holding on to past customers' data without valid reasons, so they can continue to send marketing materials to them.

I do recall receiving calls and marketing materials from another bank even though it had been about a decade after I cancelled the credit card I had with it.

Are banks allowed to keep data of past customers indefinitely? Does the regulator have a guideline on this? If so, what is being done to ensure banks adhere to it?

Lee Meow Hua (Ms)


This article was first published on July 16, 2014.
Get a copy of The Straits Times or go to for more stories.