On Tue, May 10, 2011 at 3:38 PM, Michael Holstein < michael.holst...@csuohio.edu> wrote:
> > > > http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf > > > > The dates in the timestamps are back in February. We deleted those logs > "..in the regular course of business.." > a LONG TIME AGO. > > If you didn't do that, you really ought to ask yourself why. > > Regards, > > Michael Holstein > Information Security Administrator > Cleveland State University > In the EU you have Directive 2006/24/EC: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF Article 6 - Periods of retention Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication. Article 5 - Categories of data to be retained 1. Member States shall ensure that the following categories of data are retained under this Directive: (a) data necessary to trace and identify the source of a communication: (...) the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication; Each member state creates its own law, according to the directive. In Portugal, you have to retain the data for one year. Best Regards, Luís Marta.
