The Data Retention (EC Directive) Regulations 2007 are intended to ensure that security services have a reliable log of mobile and fixed-line phone calls to be used in investigations. They are also designed to ensure a uniform approach across the industry.
The content of calls should not be retained under the new regime. Instead, the law requires companies to keep certain communications data, including: the number from which a call is made; the customer's name and address; any number dialled; the date and time of a call; and the telephone service used. Additional data for mobile calls must also be retained, including geographic location data.
The Regulations say that telecoms firms must keep the details necessary to identify the caller or sender and recipient of every telephone call made for 12 months. The data must be stored "in such a way that the data retained can be transmitted without undue delay in response to requests."
The new law implements most of the EU's Data Retention Directive. That Directive was passed to ensure that valuable data is available across Europe as a tool to prevent, investigate, detect and prosecute criminal offences and in particular organised crime.
The new rules do not apply to internet activity, so details of websites visited, emails sent and received and Voice over Internet Protocol (VoIP) phone calls need not be kept. That will change, though. The Directive requires that member states extend their retention rules to internet data by 15th March 2009.
The Federation of Communications Service (FCS), a trade association for the mobile and telecoms services industry, said the Regulations are unlikely to disrupt a telco's business.
Members of FCS include many small communication service providers, as well as a few bigger providers, notably Kingston Communications plc. Heavyweights like BT and the major mobile networks are not members.
FCS manager Michael Eagle told OUT-LAW: "We are advising our members that they are unlikely to have to keep any information that they don't currently keep. They should not be talked into buying expensive new data storage systems as the industry already requires a certain level of sensible due diligence."
"The reality is that nothing much has changed. The new legislation will make little practical difference as most telecoms providers keep certain information for billing purposes and customer records," he added. "That information would be enough to meet the requirements of law enforcement agencies. There is no need to keep more data that you are ever likely to be asked for."
The law provides that the Secretary of State may reimburse any expenses incurred by a public communications provider in complying with these Regulations. According to ComputerWeekly.com, the Government has budgeted a total of £6 million to meet these costs.
Editor's note: When this story first appeared it suggested that FCS was the only trade association of its kind. We have since been advised by a reader that this is not the case. We apologise for the inaccuracy.