> Toward a U.S. Data-Retention Standard for ISPs > http://www.educause.edu/EDUCAUSE+Review/EDUCAUSEReviewMagazineVolume41/TowardaUSDataRetentionStandard/158105 > "Current law, as contained in Title 18 U.S.C. Section 2703(f), outlines > the process by which law enforcement can contact ISPs to request the > preservation of identified records or communications related to a > particular person. The information cannot be deleted for 90 days, > during which time law enforcement obtains the proper legal process.7" >
This is called a "request to preserve records" and is quite common. Basically it's a FAX from $agency to your legal department (and then forwarded to the IT folks) that says "hey, IF (and only IF) you have data relating to $x $y and $z, don't delete it until you get the subpoena" This is meant to counteract the routine log rotation in place almost everywhere. The first request gets them 90 days to follow up with the appropriate paperwork (subpoena or warrant, depending on what and how old it is). Those "preservation requests" do not create any duty to BEGIN collecting anything .. you just can't destroy what you've already got. Also, there's no duty to retain other records that may relate tangentially to the request but aren't specifically requested(*). (*) : IANAL, check with your company lawyers in all cases when answering legal process, etc. A forward-going request is known as a "Title III Order" AKA "wiretap". These are quite rare by comparison. Regards, Michael Holstein Cleveland State University *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
