Results 1 to 4 of 4
  1. #1

    EU Data Retention Law

    Hey Everyone,

    We run a UK VPS hosting business (Hoping to expand soon into the dedicated server market). As some of you may be aware, new EU law came into force last month in the UK, stating that some IP information must be retained for 12 months. I have a few questions relating to this, and while I appreciate that you guys aren't lawyers, maybe you can shed some into what you're doing?

    Link to government site: http://www.legislation.gov.uk/uksi/2.../contents/made

    q1) We rent space from a colocation provider (As most hosting companies do). Do you reckon that we need to retain anything? Or is this the job of the colo provider (Who run their own AS network)

    q2) What is it that we actually need to keep? Our router is able to log connections, (i.e. one log entry per "state") so we could easily log that out to a syslog server.

    q3) The new law mentions things about storing information about emails. We don't provide email services, but of course some of our customers use their VPSes as email servers. Woud we still need to retain email header information (This would be a technical nightmare).

    q4) The UK law mentions something along the lines of only need to follow the law if you've been asked by the government. Am I reading this right?

    Phew! That's a lot of questions! Hopefully someone UK/EU based can shed some light

    Any tips would be appreciated.

    Cheers

  2. #2
    Join Date
    Jun 2006
    Location
    Europe
    Posts
    632
    this is something that your Network provider (in your case this is the DC you colo wth) is supposed to do, and probably is already doing it.

  3. #3
    Join Date
    Dec 2004
    Posts
    569
    Here (in NL) what you need to retain is:

    - your mail server logs (/var/log/maillog)
    - IP-address assignments
    - historical name/address information of your customers. (e.g. if they change their home address through your billing portal, you also need to retain the previous address).

    Data retention only applies to providers offering PUBLIC services, so if you have VPS customers that installed their own mail server for their own private use, that is not your concern.

    Assume the UK has similar requirements.
    Last edited by Maxnet; 04-06-2011 at 07:00 AM.

  4. #4
    Indeed this can get tricky at times.

    Well we already keep the IP address information in our billing system (Maybe it's not as organised as it could be, nonetheless it's there)

    I'm more concerned about the fact if whether or not I have to install a snooper device to log IP connections

Similar Threads

  1. Tape Data Retention Period
    By andretenreiro in forum Hosting Security and Technology
    Replies: 0
    Last Post: 11-24-2009, 06:35 AM
  2. VPS and data retention laws
    By RemyHorton in forum VPS Hosting
    Replies: 9
    Last Post: 06-22-2009, 05:20 AM
  3. Mother-in-Law and Father-in-Law (help)...
    By dav in forum Web Hosting Lounge
    Replies: 16
    Last Post: 03-22-2007, 05:12 AM
  4. MEPs vote for mandatory data retention
    By Slidey in forum Web Hosting Lounge
    Replies: 0
    Last Post: 12-14-2005, 01:07 PM
  5. Is there any kind of law or copyright law against this?
    By Kenji4861 in forum Web Hosting Lounge
    Replies: 6
    Last Post: 02-10-2005, 02:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •