Data Retention

Data retention policies define how business records are managed to meet legal and other data archival requirements.  The data retention mandates of various governments weigh legal and privacy concerns against feasibility factors to determine the retention time, archival rules, data formats, and the permissible means of storage, access, and encryption. 

In the field of telecommunications, data retention generally refers to the storage of call detail records (CDRs) of telephone usage, internet traffic, and related transactional data by governments and commercial organizations.  In the case of government-mandated data retention, the data that is stored is usually the records of telephone calls made and received, emails sent and received, and websites visited.  Location data is also often collected.

The primary threat of government-imposed data retention is traffic surveillance and mass surveillance.  By analyzing retained data, governments can identify the locations of individuals, an individual’s associates, and the members of a group such as political opponents.  These activities may or may not be lawful, depending on the constitutions and laws of each country.  In many jurisdictions a government may access these databases with little or no judicial oversight.

In the case of commercial data retention, the data retained will usually describe transactions and web sites visited.

In 1994, the U.S. Congress passed the Communications Assistance for Law Enforcement Act (“CALEA”) to address the need of law enforcement for technical capabilities when conducting lawful electronic surveillance, or lawful intercepts (“LI”), on telecommunications carrier networks.  The purpose of CALEA was to preserve LI technical capabilities despite evolutions in telecommunications network technologies.  This goal was to be accomplished in a manner that protects telecommunications subscriber privacy and leaves carriers free to launch new services and technologies.

CALEA governs “telecommunications carriers” as that term is uniquely defined in the statute.  A CALEA telecommunications carrier is any entity engaged in the transmission or switching of electronic communications to the public for a fee.  CALEA mandates technical capabilities for real-time interception of communications.  CALEA does not require data retention.  In fact, should a law enforcement agency request such stored information and the communication service provider has not retained it, there are no penalties.  Such is not the case in many other countries, which do mandate data retention.  Therefore U.S. service providers must understand the law enforcement assistance requirements of other countries.

Internationally, individual countries such as Australia or member states of the European Union have created data retention rules and regulations with a view toward balancing the requirements of law enforcement investigations against individual privacy rights.

In 2015, the Australian government introduced mandatory data retention laws that require communication service providers to store data for up to two years.  Specifically, telecommunication providers and ISPs must retain telephony, Internet and email metadata for two years.  Law enforcement may access the data under due process authority, though not necessarily a warrant.  Such laws are not inexpensive.  The scheme is estimated to cost at least AU$400 million per year to implement, working out to at least $16 per user per year.  The Australian Attorney General has been vested with broad discretion on which agencies are allowed to access metadata, including private agencies.[8]

The data retention policies within an organization are a set of guidelines that describe which data will be archived, how long it will be kept, what happens to the data at the end of the retention period (archive or destroy), and other factors concerning the retention of the data.

Part of any effective data retention policy is the permanent deletion of retained data once its retention period ends.  One way to achieve secure deletion is to encrypt the data when it is stored and then delete the encryption key after the specified retention period.  Without the key, the data object and every copy of it stored in online and offline locations becomes unrecoverable, which effectively deletes them all at once.
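The key-deletion approach described above (often called crypto-shredding), as an added illustration that is not code from the original article: each record is encrypted under its own data-encryption key (DEK), ciphertext copies go to primary and backup storage, and the retention job deletes only the expired DEKs. The record identifiers, retention periods and day counter are constructed for the demo, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for AES (a deployment would use AES-GCM from a vetted library and keep the DEKs in a KMS or HSM).

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stdlib-only stand-in for AES-CTR.
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; output layout is nonce(16) || ciphertext || HMAC-SHA256 tag(32).
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class RetentionStore:
    """Each record is encrypted under its own DEK; the key store is the only place a DEK lives."""

    def __init__(self) -> None:
        self.keys = {}     # record_id -> (dek, expiry_day)
        self.online = {}   # record_id -> ciphertext on primary storage
        self.backups = {}  # record_id -> ciphertext copy on offline/backup media

    def store(self, record_id: str, plaintext: bytes, today: int, retain_days: int) -> None:
        dek = os.urandom(32)
        blob = encrypt(dek, plaintext)
        self.keys[record_id] = (dek, today + retain_days)
        self.online[record_id] = blob
        self.backups[record_id] = blob  # backups hold ciphertext only, never the DEK

    def read(self, record_id: str) -> bytes:
        if record_id not in self.keys:
            raise KeyError(f"{record_id}: key shredded, record unrecoverable")
        return decrypt(self.keys[record_id][0], self.online[record_id])

    def purge_expired(self, today: int) -> list:
        # Crypto-shredding: deleting the DEK makes every ciphertext copy unreadable at once,
        # so no backup tape or replica has to be located and overwritten.
        expired = sorted(rid for rid, (_, expiry) in self.keys.items() if expiry <= today)
        for rid in expired:
            del self.keys[rid]
        return expired
```

The purge touches only the key store; the ciphertext left on backup media is the audit trail that the copies existed, not a way to recover them.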