Data retention question

[Andrew Cormack]

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Caspar Bowden (lists)
> Sent: 25 July 2014 11:30
> To: UK Cryptography Policy Discussion Group
> Subject: Re: Data retention question
> 
> On 07/25/14 11:46, Andrew Cormack wrote:
> > James
> > On the question of what might be lost, a long time ago LINX consulted
> Elizabeth France (yes, *that* long ago) and concluded that "necessary
> for security" probably covered retention of all logs for roughly six
> months.
> 
> And obviously DP Registrar then, as ICO now, renowned as leading
> authority on Internet technology and punctilious assessment of the
> "strict necessity" (CJEU words) of infringements to private life
> arising
> therefrom.
> 
> {/heavy_sarcasm}
> 
> Caspar

The shorter time you keep logs for, the less chance of determining either the cause or impact of breaches of privacy such as Target. I wish companies holding personal data were better at detecting incidents, but DBIR et al suggest it's not happening.

Andrew

--
Andrew Cormack
Chief Regulatory Adviser, Janet
t: +44 1235 822302
b: https://community.ja.net/blogs/regulatory-developments
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is
registered in England under No.2881024 and whose Registered Office is at Lumen House, Library
Avenue, Harwell Oxford, Didcot, Oxfordshire, OX11 0SG. VAT No. 614944238