Katana VentraIP

Data retention

Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements. Although sometimes interchangeable, it is not to be confused with the Data Protection Act 1998.

The different data retention policies weigh legal and privacy concerns economics and need-to-know concerns to determine the retention time, archival rules, data formats, and the permissible means of storage, access, and encryption.[1]

Implementation[edit]

In the field of telecommunications, "data retention" generally refers to the storage of call detail records (CDRs) of telephony and internet traffic and transaction data (IPDRs) by governments and commercial organisations.[2] In the case of government data retention, the data that is stored is usually of telephone calls made and received, emails sent and received, and websites visited. Location data is also collected.


The primary objective in government data retention is traffic analysis and mass surveillance. By analysing the retained data, governments can identify the locations of individuals, an individual's associates and the members of a group such as political opponents. These activities may or may not be lawful, depending on the constitutions and laws of each country. In many jurisdictions, access to these databases may be made by a government with little or no judicial oversight.[3][4]


In the case of commercial data retention, the data retained will usually be on transactions and web sites visited.


Data retention also covers data collected by other means (e.g., by Automatic number-plate recognition systems) and held by government and commercial organisations.

Policies[edit]

A data retention policy is a recognized and proven protocol within an organization for retaining information for operational use while ensuring adherence to the laws and regulations concerning them. The objectives of a data retention policy are to keep important information for future use or reference, to organize information so it can be searched and accessed at a later date and to dispose of information that is no longer needed.[5]


The data retention policies within an organization are a set of guidelines that describes which data will be archived, how long it will be kept, what happens to the data at the end of the retention period (archive or destroy) and other factors concerning the retention of the data.[6]


A part of any effective data retention policy is the permanent deletion of the retained data; achieving secure deletion of data by encrypting the data when stored, and then deleting the encryption key after a specified retention period. Thus, effectively deleting the data object and its copies stored in online and offline locations.[7]

Trace and identify the source of a communication;

Trace and identify the destination of a communication;

Identify the date, time, and duration of a communication;

Identify the type of communication;

Identify the communication device;

Identify the location of mobile communication equipment.

Data security

Data Retention Directive

Data retention hardware

Data Protection Act 1998

Computer data storage

Customer proprietary network information

Data privacy

Electronic discovery

Lawful interception

Mass surveillance

NSA call database

Privacy

Secrecy of correspondence

Traffic analysis

I2P - The Anonymous Network

on the Open Rights Group wiki

Data Retention

The Politics of the EU Court Data Retention Opinion: End to Mass Surveillance?

Boehm, F. and Cole, M.: (2014). (PDF-file)

Data Retention after the Judgement of the Court of Justice of the European Union

Breyer, P. (2005). "Telecommunications Data Retention and Human Rights: The Compatibility of Blanket Traffic Data Retention with the ECHR". European Law Journal. 11 (3): 365–375. :10.1111/j.1468-0386.2005.00264.x.

doi

Centre for European Policy Studies (CEP): (2011). (PDF-File)

Policy Brief on Data Retention

Crump, C. (2003). . Stanford Law Review. 56 (1): 191–229. JSTOR 1229685.

"Data retention: privacy, anonymity, and accountability online"

Cybertelecom :: Records Keeping / Data Retention

: EPIC data retention page (to 2007)

Electronic Privacy Information Center

: EDRI news tracking page on data retention Archived 2013-06-17 at the Wayback Machine (current)

European Digital Rights

Feiler, L.: (2008). Seminar paper. (PDF-File)

The Data Retention Directive

Frost & Sullivan Whitepaper: Archived 2017-08-12 at the Wayback Machine

"Meeting the challenges of Data Retention: Now and in the future"

Ganj, C.: (December 4, 2009). (PDF-File)

"The Lives of Other Judges: Effects of the Romanian Data Retention Judgment"

Goemans, C. and Dumortier, J.: . Digital Anonymity and the Law, series IT & Law/2, T.M.C. Asser Press, 2003, p 161–183. (PDF-File)

"Mandatory retention of traffic data in the EU: possible impact on privacy and on-line anonymity

Milford, P.: (2008). LLM Dissertation – Southampton Business School. (PDF-File)

"The Data Retention Directive: too fast, too furious a response?

Mitrou, L.: From Digital Privacy: Theory, Technologies, and Practices edited by Alessandro Acquisti, Stefanos Gritzalis, Costos Lambrinoudakis and Sabrina di Vimercati. Auerbach Publications, 2008. (PDF-File)

"Communications Data Retention: A Pandora's Box for Rights and Liberties?"

Morariu, M. (2009). (PDF). Amsterdam Social Science. 1 (2): 46–65. ISSN 2210-2310. Archived from the original (PDF) on April 26, 2012.

"How Secure is to Remain Private? On the Controversies of the European Data Retention Directive"

with full references to legislation, codes of practice, etc.

UK Data Retention Requirements

: Consultation papers on data retention and on access to communications data.

UK Home Office

Walker, C.; Akdeniz, Y. (2003). . Northern Ireland Legal Quarterly. 54 (2): 159–182. doi:10.53386/nilq.v54i2.737.

"Anti-terrorism laws and data retention: war is over?"

Working Group on Data Retention: (current)

List of documents relating to communications data retention in the EU