Data retention
Relevant law and regulation includes: The European Directive (2006/24/EC) which has been implemented in the UK under the Data Retention (EC Directive) Regulations 2009 and the January 2004 the Code of Practice (for voluntary retention of communications data) implemented under the Anti-Terrorism, Crime and Security Act 2001.
Under the above directive, certain types of data are required to be retained necessary to identify end users accessing the Internet. The type of data to be retained is traffic data and location data which can trace the source of a communication. Examples of relevant data include:
User ID; name and address; date and time of login and log off
IP address allocated to a user; MAC Address, originator of the communication;
The internet service used (“communications data”).HTTP,POP,IMAP,SKYPE etc
The Home Office would expect such data to be retained for a period of 12 months. As a matter of best practice an establishment should have in place facilities to store and access communications data for a period of 12 months from the date of the data coming into existence. The purpose of maintaining communications data is to assist intelligence and law enforcement agencies such as the police in their investigation of criminal and terrorist activities.