1. Why Data Retention?

Lately, the Internet news sites and blogs have all been buzzing with reports of privacy infringements by various IT companies, regulation changes and updates on the laws already in effect, all related to data retention policies.

Well what does all this mean? In effect, the majority of companies providing IT services in one way or another have to abide by these new regulations in order to comply with the new standards. Initially, data retention was not mandatory, but it soon became clear (mostly in the past few years) that legal, administrative, commercial and even social interests can be better protected through such an initiative.

This article describes how the Axigen messaging solution (www.axigen.com) is in compliance with both United States and European Union currently effective laws and policies related to data retention and data preservation. These measures were adopted by service providers mainly to minimize the risk of deletion or modification of records and communications.

The Axigen Messaging Solution is fully compliant with all the laws and regulations in effect to date over both the United States and the European Union territories. In the next few pages, each area will be treated independently and references to the specific requirements enforced for that area alone will be listed.

2. First Stop: Europe

European Union data retention policies are listed in the Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. This Directive can be accessed online at the following link:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML

According to this Directive, any service provider (SP) that offers publicly available electronic communications services or public communications networks must abide by the rules listed below.

Categories of data to be retained (excerpt from the above linked page):

a) Data necessary to trace and identify the source of a communication:

• The user ID allocated

• The name and address of the subscriber or registered user to whom an IP address or user ID was allocated at the time of the communication

b) Data necessary to trace and identify the destination of a communication:

• The user ID or telephone number of the intended recipient(s)

• The name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication

c) Data necessary to identify the date, time and duration of a communication:

• The date and time of the log-in and log-off of the Internet access service, based on a certain time zone, together with the IP address, whether dynamic or static, allocated by the Internet access service provider to a communication, and the user ID of the subscriber or registered user

• The date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone

d) Data necessary to identify the type of communication:

• The Internet service used

For all of these categories of data to be retained, the Axigen Mail Server makes use of the logging functionality to store the information and save it to disk. The data should be kept for a minimum six months and not more than two years.

To continue to read this article, please visit:

http://www.axigen.com/articles/axigen-compliance-with-eu-and-us-data-retention-policies_48.html

To join our free live webinar on data retention regulations and how to deploy and maintan a fully compliant messaging solution, please check out our webinars page:

http://www.axigen.com/webinars/