Communications data is limited to data that describes the caller and the means of communication (e.g. subscriber details, billing data, e-mail logs, personal details of customers and records showing the location where mobile phone calls were made) but not the content of the communications.
It is viewed as valuable data as it permits the creation of a comprehensive dossier on the contacts, friendships, interests, transactions, and movements of an individual.
Access to and retention of this data is governed by provisions in the Regulation of Investigatory Powers Act of 2000, known as RIPA, and the Anti-Terrorism, Crime & Security Act (ATCSA), which was enacted in the aftermath of the September 11th tragedy.
This latter Act provides for the retention of communications data for the purpose of fighting terrorism. However, once retained, the RIPA provisions give rights of access to many other agencies for purposes unconnected with terrorism.
At present ISPs and telcos retain communications data for their own business purposes, but the Government would like them to subscribe to a voluntary Code of Practice that would govern how, and for how long, the data would be retained for Government purposes.
It has listened to some comments from the industry and yesterday the Chair of the ISPA Council, Jessica Hendrie- Liaño, welcomed the fact that some concerns – such as the need for checks on public bodies by an independent Commissioner – had been addressed.
She also welcomed the fact that the new Orders would establish a uniform procedure that law enforcement agencies and other designated authorities must follow in order to access communications data.
But the ISPA expressed concern that some agencies, such as the Department for Work and Pensions, are retaining access powers that they hold under other legislation.
Mrs. Hendrie-Liaño said:
"This uniform procedure enables ISPs to assist law enforcement agencies and protect customer data. ISPs may find it difficult to assess the legitimacy of data access requests made using powers other than those granted under RIPA."
Nor was the ISPA happy with the Code of Practice itself – to such an extent that the organisation has again recommended that ISPs should reject it.
According to Mrs. Hendrie-Liaño:
"ISPA lacks convincing evidence from law enforcement that the data retained by ISPs at the request of the Home Office will be of use to law enforcement. Moreover, ISPA believes the voluntary code of practice may cause ISPs legal problems due to conflicts with the Data Protection Act and Human Rights legislation."
ISPA also renewed its call for more information about how ISPs will recover their costs for retaining data for law enforcement purposes.
The Government has already warned that if ISPs do not join the voluntary scheme then a mandatory one will be imposed.
In fact, according to the Government's own consultation on the issue, ISPs would prefer a mandatory Code of Practice or statutory scheme because it would lower the risk of ISPs falling foul of the Data Protection Act since they would then be retaining data for the purpose of complying with a legal obligation.