The Data Retention (EC Directive) Regulations 2007 are
intended to ensure that security services have a reliable log of
mobile and fixed-line phone calls to be used in investigations.
They are also designed to ensure a uniform approach across the
industry.
The content of calls should not be retained under the new
regime. Instead, the law requires companies to keep certain
communications data, including: the number from which a call is
made; the customer's name and address; any number dialled; the date
and time of a call; and the telephone service used. Additional data
for mobile calls must also be retained, including geographic
location data.
The Regulations say that telecoms firms must keep the details
necessary to identify the caller or sender and recipient of every
telephone call made for 12 months. The data must be stored "in such
a way that the data retained can be transmitted without undue delay
in response to requests."
The new law implements most of the EU's Data Retention
Directive. That Directive was passed to ensure that valuable data
is available across Europe as a tool to prevent, investigate,
detect and prosecute criminal offences and in particular organised
crime.
The new rules do not apply to internet activity, so details of
websites visited, emails sent and received and Voice over Internet
Protocol (VoIP) phone calls need not be kept. That will change,
though. The Directive requires that member states extend their
retention rules to internet data by 15th March 2009.
The Federation of
Communications Service (FCS), a trade association for the
mobile and telecoms services industry, said the Regulations are
unlikely to disrupt a telco's business.
Members of FCS include many small communication service
providers, as well as a few bigger providers, notably Kingston
Communications plc. Heavyweights like BT and the major mobile
networks are not members.
FCS manager Michael Eagle told OUT-LAW: "We are advising our
members that they are unlikely to have to keep any information that
they don't currently keep. They should not be talked into buying
expensive new data storage systems as the industry already requires
a certain level of sensible due diligence."
"The reality is that nothing much has changed. The new
legislation will make little practical difference as most telecoms
providers keep certain information for billing purposes and
customer records," he added. "That information would be enough to
meet the requirements of law enforcement agencies. There is no need
to keep more data that you are ever likely to be asked for."
The law provides that the Secretary of State may reimburse any
expenses incurred by a public communications provider in complying
with these Regulations.
According to ComputerWeekly.com, the Government has budgeted a
total of £6 million to meet these costs.
Editor's note: When this story first
appeared it suggested that FCS was the only trade association of
its kind. We have since been advised by a reader that this is not
the case. We apologise for the inaccuracy.
