Data retention

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements; although sometimes interchangeable, not to be confused with the Data Protection Act 1998.

The different data retention policies weighs legal and privacy concerns against economics and need-to-know concerns to determine the retention time, archival rules, data formats, and the permissible means of storage, access, and encryption.

Data retention policy[edit]

A data retention policy is a recognized and proven protocol within an organization for retain information for operational used while adherence to the laws and regulations concerning them. The objectives of a data retention policy are to keep important information for future use or reference, to organize information so it can be searched and accessed at a later date and to dispose of information that is no longer needed.[1]

The data retention policies within an organization are a set of guidelines that describes which data will be archived, how long it will be kept and other factors concerning the retention of the data.[2]

A part of any effective data retention policy is the permanent deletion of the retained data; achieving secure deletion of data by encrypting the data when stored, and then deleting the encryption key after a specified retention period. Thus, effectively deleting the data object and its copies stored in online and offline locations.[3]

Data retention regulations[edit]

The Data Retention (EC Directive) Regulations 2009[edit]

The policy of data retention under The Data Retention (EC Directive) Regulations 2009 applies to a wide range of method that data is acquired, how the data is stored, and came into force on 6 April 2009. Data is retained by different organizations for a range of different reasons data retention but predominantly focuses on the telecommunication industry. These regulations apply only to communications data while communications services are being supplied by public communication providers, if the data generated or processed is within the United Kingdom.[4]

The purpose of these regulations was to implement Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 (“Data Retention Directive”) on the retention of data. The regulations also outlines the kind of data that must be retained within telecommunication, retained data must be necessary to:

  • Trace and identify the source of a communication;
  • Identify the destination of a communication;
  • Identify the date, time and duration of a communication; and
  • Identify the type of communication.[5]

The retention period data generated or collected according to the 2009 Regulations by the public communications providers was for 12 months from the date of the communication in question.[6]

On 8 April 2014, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights.

Government and data retention[edit]

United Kingdom[edit]

The Data Retention and Investigatory Powers Act came into force in 2014. It is the answer by the United Kingdom parliament after a declaration of invalidity was made by the Court of Justice of the European Union in relation to Directive 2006/ 24/EC in order to make provision, about the retention of certain communications data.[7] In addition the purpose act is to

  • Amend the grounds for issuing interception warrants, or granting or giving certain authorisations or notices.
  • Make provision about the extraterritorial application of that Part and about the meaning of “telecommunications service” for the purposes of that Act;
  • Make provision about a review of the operation and regulation of investigatory powers; and for connected purposes [7]

The act is also to ensure that communication companies in the UK continue to retain communications data so that it continues to be available when it is needed by law enforcement agencies and others to investigate committed crimes and protect the public.[8] Data protection law requires data that isn't of use to be deleted, this mean that the intention of this Act could be using data retention to acquire further policing powers using, as the Act make data retention mandatory.

An element of this Act is the provision of the investigatory powers to be reported by 1 May 2015.[9]

Controversy[edit]

The Data Retention and Investigatory Powers Act 2014 was referred to as the "snooper’s charter" communications data bill.[10] The current Home Secretary, Theresa May a strong supporter of the parliament Act, in a speech said that “If we (parliament) do not act, we risk sleepwalking into a society in which crime can no longer be investigated and terrorists can plot their murderous schemes undisrupted.” [10]

The United Kingdom parliament it’s new laws increasing power of data retention is essential to tackling crime and protecting the public, however not all agree and believe that the primary objective in the data retention by the government is mass surveillance.

After Europe's highest court said the depth of data retention breaches citizens' fundamental right to privacy and the UK created its own Act, It has led to the British government has been accused of breaking the law by forcing telecoms and internet providers to retain records of phone calls, texts and internet usage,[11] from this information, governments can identify, an individual's associates, location, group memberships, political affiliations and many more personal information.

In a television interview, the EU Advocate General Pedro Cruz Villalón highlighted the risk that the retained data might be used illegally in ways that are "potentially detrimental to privacy or, more broadly, fraudulent or even malicious".[11]

See also[edit]

External links[edit]

References[edit]

  1. ^ Rouse, Margaret. "Data retention policy". TechTarget. Retrieved 30 October 2014. 
  2. ^ Rouse, Margaret. "Data retention". TechTarget. Retrieved 30 October 2014. 
  3. ^ Li, J; Singhal, S; Swaminathan, R; Karp, AH (19 October 2012). "Managing Data Retention Policies at Scale". IEEE Xplore 9 (4): 393–406. doi:10.1109/TNSM.2012.101612.110203. 
  4. ^ "The Data Retention (EC Directive) Regulations 2009". Office of Public Sector Information. Retrieved 30 October 2014. 
  5. ^ "The Data Retention (EC Directive) Regulations 2009". Office of Public Sector Information. Retrieved 30 October 2014. 
  6. ^ "The Data Retention (EC Directive) Regulations 2009". Office of Public Sector Information. Retrieved 31 October 2014. 
  7. ^ a b "Data Retention and Investigatory Powers Act 2014" (PDF). Office of Public Sector Information. Retrieved 31 October 2014. 
  8. ^ "Data Retention Legislation (Impact Assessment)" (PDF). Office of Public Sector Information. Retrieved 31 October 2014. 
  9. ^ "Data Retention and Investigatory Powers Act 2014 (Explanatory notes)" (PDF). Office of Public Sector Information. Retrieved 31 October 2014. 
  10. ^ a b Travis, Alan (30 September 2014). "Theresa May vows Tory government would introduce ‘snooper’s charter’". The Guardian. Retrieved 31 October 2014. 
  11. ^ a b Hern, Alex (24 June 2014). "British government 'breaking law' in forcing data retention by companies". The Guardian. Retrieved 31 October 2014.