Data retention question

Andrew Cormack Andrew.Cormack at
Fri Jul 25 14:00:10 BST 2014

> -----Original Message-----
> From: ukcrypto-bounces at [mailto:ukcrypto-
> bounces at] On Behalf Of Caspar Bowden (lists)
> Sent: 25 July 2014 11:30
> To: UK Cryptography Policy Discussion Group
> Subject: Re: Data retention question
> On 07/25/14 11:46, Andrew Cormack wrote:
> > James
> > On the question of what might be lost, a long time ago LINX consulted
> Elizabeth France (yes, *that* long ago) and concluded that "necessary
> for security" probably covered retention of all logs for roughly six
> months.
> And obviously DP Registrar then, as ICO now, renowned as leading
> authority on Internet technology and punctilious assessment of the
> "strict necessity" (CJEU words) of infringements to private life
> arising
> therefrom.
> {/heavy_sarcasm}
> Caspar

The shorter time you keep logs for, the less chance of determining either the cause or impact of breaches of privacy such as Target. I wish companies holding personal data were better at detecting incidents, but DBIR et al suggest it's not happening.


Andrew Cormack
Chief Regulatory Adviser, Janet
t: +44 1235 822302
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is
registered in England under No.2881024 and whose Registered Office is at Lumen House, Library
Avenue, Harwell Oxford, Didcot, Oxfordshire, OX11 0SG. VAT No. 614944238

More information about the ukcrypto mailing list