Data Retention: Anti-Terrorism, Crime and Security Act

Currently the home office has put in place a voluntary code of practice for ISP and telecommunication service providers relating to the retention of data this is comes under the “Retention of communications data under part 11: Anti-Terrorism, Crime & Security Act 2001

The code provides for the following retention time periods:

  • SMS, EMS and MMS: Data retention period 6 months.
  • Email: Data retention period 6 months
  • ISP: Data retention period 6 months
  • Web Activity Logs: Data Retention period 4 days

The following data is required to be stored for the retention times mentioned above:

SMS, EMS and MMS: Calling number, IMEI – Called number, IMEI – Date and time of sending – Delivery receipt – if available – Location data when messages sent and received, in form of lat/long reference.

Email: Log-on (authentication user name, date and time of log-in/log-off, IP address logged-in from) – sent email (authentication user name, from/to/cc email addresses, date and time sent) – received email (authentication user name, from/to email addresses, date and time received)

ISP: Log-on (authentication user name, date and time of log-in/log-off, IP address assigned, Dial-up: CLI and number dialed, Always-on: ADSL end point/MAC address (If available)

Web Activity Logs: Proxy server logs (date/time, IP address used, URL’s visited, services)

The code is quite clear that information stored should on be “Communications Data” only and exclude content of communication.

The Web browsing information to be retained should only be to the extent that only the host machine or domain name is disclosed.

The example the Home Office gives is that if the URL visited was http://www.homeoffice.gov.uk/kbsearch?qt=ripa+traffic=data

then only the domain “www.homeoffice.gov.uk” is to be stored . The reason is that the:

within a communication, data identifying http://www.homeoffice.gov.uk would be traffic data, whereas data identifying would be content and not subject to retention.

About these ads

5 Responses to “Data Retention: Anti-Terrorism, Crime and Security Act”

  1. Data Retention and Interception « Data - Where is it? Says:

    [...] More detailed information on these retention times is available here. [...]

  2. ISP Data Retention (US) « Data - Where is it? Says:

    [...] the UK the data retention laws of ISPs are currently governed by the Retention of communications data under part 11: Anti-Terrorism, Crime & Security Act 2001 Explore posts in the same categories: ISP Data [...]

  3. Mike Says:

    so for myself, amongst admittedly the slower of people does this mean that websites that i visit are accessable by the isp, and thus forewardable with a court order to the police for 4 days only and then are irretrievably destroyed? do all isp do this? a tech guy in prange the mobile network told me to retain search history for them would break the data protection act, to aid follow ups i am on an internet dingle, and thus ip is a dynamic 1

  4. Mike Says:

    typo, meant Orange


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 29 other followers

%d bloggers like this: