Get in touch with an Axigen Specialist
Find a Partner in US
Search Results
  • Search Results
Lately, the Internet news sites and blogs have all been buzzing with reports of privacy infringements by various IT companies, regulation changes and updates on the laws already in effect, all related to data retention policies.

Well what does all this mean? In effect, the majority of companies providing IT services in one way or another have to abide by these new regulations in order to comply with the new standards. Initially, data retention was not mandatory, but it soon became clear (mostly in the past few years) that legal, administrative, commercial and even social interests can be better protected through such an initiative.

This article describes how the Axigen messaging solution is in compliance with both United States and European Union currently effective laws and policies related to data retention and data preservation. These measures were adopted by service providers mainly to minimize the risk of deletion or modification of records and communications.

Alternatively, we also invite you to join our free live webinar on the topic. Not only that you will get acquainted with the data retention regulations in force, but also learn how to deploy and maintain a fully compliant and secure messaging solution. For more information, please visit: http://www.axigen.com/webinars/data-retention-regulations/

Complying with European Union and United States Data Retention Regulations

Feb 06, 2009

First Stop: Europe

European Union data retention policies are listed in the Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. This Directive can be accessed online at the following link:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML

According to this Directive, any service provider (SP) that offers publicly available electronic communications services or public communications networks must abide by the rules listed below.

Categories of data to be retained (excerpt from the above linked page):
  • Data necessary to trace and identify the source of a communication:
    - The user ID allocated;
    - The name and address of the subscriber or registered user to whom an IP address or user ID was allocated at the time of the communication;

  • Data necessary to trace and identify the destination of a communication:
    - The user ID or telephone number of the intended recipient(s);
    - The name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;

  • Data necessary to identify the date, time and duration of a communication:
    - The date and time of the log-in and log-off of the Internet access service, based on a certain time zone, together with the IP address, whether dynamic or static, allocated by the Internet access service provider to a communication, and the user ID of the subscriber or registered user;
    - The date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone;

  • Data necessary to identify the type of communication:
    - The Internet service used;

For all of these categories of data to be retained, the Axigen Mail Server makes use of the logging functionality to store the information and save it to disk. The data should be kept for a minimum six months and not more than two years.

As a side-note, the Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks stipulates the following restriction on the data retention policies (Article 5, indent 2):

“No data revealing the content of the communication may be retained pursuant to this Directive.”

This Directive only applies to EU member states and includes regulations concerning Internet access, Internet e-mail and Internet telephony. For this reason, saving actual messages that pass through the email server does not comply with the European regulations. For more information, please consult the official Directive, here:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML

Therefore, in a way, the privacy of each individual is rather safe (at least for the moment). This should be of much interest to anyone who is part of a company’s management, because they should be extremely cautious with how messages are stored, copied, archived and who has access to these potentially “illegal” materials.
Page 1   Page 2  
Print article Back to top Digg this | Post on del.icio.us | Post on Furl
Axigen is a powerful, award-winning email server for Windows & Linux operating systems. A free mail server version is available for immediate download and adds free support services, as well as the business mail server edition, which includes features like personal organizer or antivirus antispam and the Enterprise mail server offering groupware and advanced security policies. The carrier-class ISP mail server solution completes the Axigen product range, with optional clustering support & delegated administration.
© Copyright
2005-2010
Gecad Technologies
All rights reserved


+1 773 634 9610 Sales Hotline (US): +44 208 144 3400 Sales Hotline (UK): +49 821 7952 987 Sales Hotline (DE): +85 281 208 440 Sales Hotline (HK):