CopperEye identifies data-retention issues

Daily news headlines

LONDON - In response to the UK Home Office's approach to the second phase of the European Union's Data Retention Directive - focused on online security measures - data management and compliance software firm CopperEye has identified a number of key issues to consider when the legislation is translated into UK law.

The first phase of the EU directive came into force in October 2007, requiring phone companies to retain fixed and mobile data, while the second phase has extended requirements to include internet communications, including email event data, to be retained for police and government use.

Duncan Pauly, CopperEye's chief technology officer, lists five key considerations for communications providers.

The first is tightened security to meet compliance requirements and ensure data is securely retained to prevent unauthorised access. An automated system is needed to destroy data once it has fallen beyond the retention period.

The second is proportionate access - in that only the relevant information for a specific investigation should be disclosed, minimising potential exposure of any other information held.

Legal evidence and timeliness are the third and fourth considerations - making sure information disclosed is accurate and complete to avoid unnecessary or inappropriate investigations, and collected and disclosed quickly to prevent delays in investigations.

Fifth is the total cost of ownership, to deliver long-term value for the service provider, with proportionate costs of hardware, implementation and maintenance of the compliance system.

"Providers should consider that existing systems might not have the capability to comply with new legislative requirements," says Carmen Carey, chief executive officer of CopperEye. "Unlike telecommunications companies that usually have extensive data-management capabilities, many internet service providers are smaller and are not able to manage the volumes of data this directive demands."

"Therefore, they must implement a data-management solution that is appropriate to their size and needs, and leverage the most appropriate technology to satisfy the European Union Data Retention Directive requirements. Further, providers must turn to solutions that are proven to support the directive and that are compliant with the European Telecommunications Standards Institute - anything else is an expensive compromise," says Carey.

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: