Data retention

Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements; although sometimes interchangeable, not to be confused with the Data Protection Act 1998.

The different data retention policies weigh legal and privacy concerns against economics and need-to-know concerns to determine the retention time, archival rules, data formats, and the permissible means of storage, access, and encryption.

Data retention policy

A data retention policy is a recognized and proven protocol within an organization for retaining information for operational use while ensuring adherence to the laws and regulations concerning them. The objectives of a data retention policy are to keep important information for future use or reference, to organize information so it can be searched and accessed at a later date and to dispose of information that is no longer needed.[1]

The data retention policies within an organization are a set of guidelines that describes which data will be archived, how long it will be kept and other factors concerning the retention of the data.[2]

A part of any effective data retention policy is the permanent deletion of the retained data; achieving secure deletion of data by encrypting the data when stored, and then deleting the encryption key after a specified retention period. Thus, effectively deleting the data object and its copies stored in online and offline locations.[3]

Data retention regulations

The Data Retention (EC Directive) Regulations 2009

The policy of data retention under The Data Retention (EC Directive) Regulations 2009 applies to a wide range of methods that control how data is acquired and stored. These Regulations came into force on 6 April 2009. Data is retained by different organizations for a range of different data retention reasons but the Data Retention Regulations mainly focus on the telecommunication industry. These regulations apply only to communications data while communications services are being supplied by public communication providers, if the data generated or processed is within the United Kingdom.[4]

The purpose of these regulations is to implement Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 (“Data Retention Directive”) on the retention of data. The regulations also outline the kind of data that must be retained within the telecommunication industry. From retained data it must be possible to:

The retention period for data generated or collected according to the 2009 Regulations by the public communications providers is for 12 months from the date of the communication in question.[6]

On 8 April 2014, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights.

Government and data retention

United Kingdom

The Data Retention and Investigatory Powers Act came into force in 2014. It is the answer by the United Kingdom parliament after a declaration of invalidity was made by the Court of Justice of the European Union in relation to Directive 2006/ 24/EC in order to make provision, about the retention of certain communications data.[7] In addition the purpose act is to

The act is also to ensure that communication companies in the UK continue to retain communications data so that it continues to be available when it is needed by law enforcement agencies and others to investigate committed crimes and protect the public.[8] Data protection law requires data that isn't of use to be deleted, this mean that the intention of this Act could be using data retention to acquire further policing powers using, as the Act make data retention mandatory.

An element of this Act is the provision of the investigatory powers to be reported by 1 May 2015.[9]

Controversy

The Data Retention and Investigatory Powers Act 2014 was referred to as the "snooper’s charter" communications data bill.[10] The then Home Secretary Theresa May (and now current Prime Minister), a strong supporter of the parliament Act, in a speech said that “If we (parliament) do not act, we risk sleepwalking into a society in which crime can no longer be investigated and terrorists can plot their murderous schemes undisrupted.” [10]

The United Kingdom parliament its new laws increasing power of data retention is essential to tackling crime and protecting the public, however not all agree and believe that the primary objective in the data retention by the government is mass surveillance.

After Europe's highest court said the depth of data retention breaches citizens' fundamental right to privacy and the UK created its own Act, It has led to the British government has been accused of breaking the law by forcing telecoms and internet providers to retain records of phone calls, texts and internet usage,[11] from this information, governments can identify, an individual's associates, location, group memberships, political affiliations and many more personal information.

In a television interview, the EU Advocate General Pedro Cruz Villalón highlighted the risk that the retained data might be used illegally in ways that are "potentially detrimental to privacy or, more broadly, fraudulent or even malicious".[11]

See also

External links

References

  1. Rouse, Margaret. "Data retention policy". TechTarget. Retrieved 30 October 2014.
  2. Rouse, Margaret. "Data retention". TechTarget. Retrieved 30 October 2014.
  3. Li, J; Singhal, S; Swaminathan, R; Karp, AH (19 October 2012). "Managing Data Retention Policies at Scale". IEEE Xplore. 9 (4): 393–406. doi:10.1109/TNSM.2012.101612.110203.
  4. "The Data Retention (EC Directive) Regulations 2009". Office of Public Sector Information. Retrieved 30 October 2014.
  5. "The Data Retention (EC Directive) Regulations 2009". Office of Public Sector Information. Retrieved 30 October 2014.
  6. "The Data Retention (EC Directive) Regulations 2009". Office of Public Sector Information. Retrieved 31 October 2014.
  7. 1 2 "Data Retention and Investigatory Powers Act 2014" (PDF). Office of Public Sector Information. Retrieved 31 October 2014.
  8. "Data Retention Legislation (Impact Assessment)" (PDF). Office of Public Sector Information. Retrieved 31 October 2014.
  9. "Data Retention and Investigatory Powers Act 2014 (Explanatory notes)" (PDF). Office of Public Sector Information. Retrieved 31 October 2014.
  10. 1 2 Travis, Alan (30 September 2014). "Theresa May vows Tory government would introduce 'snooper's charter'". The Guardian. Retrieved 31 October 2014.
  11. 1 2 Hern, Alex (24 June 2014). "British government 'breaking law' in forcing data retention by companies". The Guardian. Retrieved 31 October 2014.
This article is issued from Wikipedia - version of the 9/20/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.