How to
Sponsor ISPA

Data Retention

ISPs Requested to Retain Communications Data

The Anti-Terrorism Crime and Security (ATCS) Bill was introduced as emergency legislation following the terrorist attacks on the United States on 11th September 2001.

The Bill had its first reading on November 12 2001, following which the Home Secretary announced a consultation period to enable Government to work with Industry to help formulate the detail of the Code of Practice. ISPA represented ISPs during this consultation period.

The ATCS Act received Royal Assent on 14 December 2001.

ATCS contains a number of measures aimed at tackling terrorism and protecting national security. Part 11 is entitled Retention of Communications Data - the most significant section for the communications Industry. This Part enables the Secretary of State for the Home Department to draw up a voluntary Code of Practice to allow Communication Service Providers (CSPs) to retain data for use by law enforcement agencies in their investigations.

UK ISPs are currently required to comply with the Data Protection Act 1998 which imposes strict limits on the purposes and duration of data retention by CSPs. Businesses in the UK can retain data only as long as is necessary for billing purposes. There remains confusion as to how the new ATCS Code of Practice will fit with this existing, and potentially conflicting, legislation.

Reserve powers contained in ATCS enable the Home Secretary to replace the voluntary code with a mandatory requirement and to introduce new codes if the Secretary of State deems the Code not to have taken adequate effect in providing useful information to law enforcement agencies.

The Internet industry is currently evaluating the potential costs of compliance with the voluntary code in line with the proposed retention periods.

ISPA is committed to assisting law enforcement agencies in the investigation of crimes that threaten national security and we support the broad aims of the Anti-Terrorism, Crime and Security Act. However particular issues must be addressed by the Government during the further consultation with industry.

Such issues include the following:

On 15th March 2006 the European Union Directive on Data Retention was passed.  The Data Retention (EC Directive) Regulations 2007, which implement the Directive in the UK, were made on 26 July 2007 and became law on 1 October 2007.  The Regulations only apply to fixed and mobile telephony, as the UK Government has taken advantage of an option contained within the Directive to use an extra 18 months grace period for implementation for Internet Communications.

ISPA welcomes the opportunity to work in co-operation with the Government, law enforcement agencies and the Information Commissioner to develop a Code of Practice that is reasonable and practical in its requirements and effective in its objective.

                                      - ends - 
 

Notes to Editors

For further information, please contact the ISPA press office.
Email: pressoffice@ispa.org.uk Tel: 0207 609 1907

The Internet Services Providers' Association (ISPA) was established in 1995 as a trade association to represent Internet Services Providers (ISPs) in the UK. ISPA promotes competition, self-regulation and the development of the Internet industry. For a list of members or other information about ISPA, please consult the website: http://www.ispa.org.uk

ISPA holds permanent membership of the Internet Watch Foundation, the Internet Crime Forum, the Home Office Task Force on Child Protection on the Internet, the DfES Safety Strategy Group, EURIM, the Parliamentary IT Committee (PITCOM), the Association of Communication Service Providers, the Oftel Internet Forum, and international organisations such as EuroISPA, and the World ISP Forum.