Announcement

Collapse
No announcement yet.

U.S. Data Retention Laws

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • U.S. Data Retention Laws

    What are the data retention periods by law for communications data?

    For example, how long IP address-subscriber information is retained? How long email account history is retained after deletion, for example after you delete your hotmail account?

  • #2
    In Australia for example there is a two year mandatory data retention law. In the European Union, mandatory detention is between six months and two years. Other countries have different times periods and most have no mandatory retention laws at all.

    In the United States, there are currently no specific "laws" (no mandatory data retention rules - all right wing attempts to pass such legislation have so far failed) about this sort of data and retention is done by the provider, voluntarily. For example, IP address data (correlating to the user and his identity and address) as you may know from the Modee VERO Guide are retained an average of six months by ISPs, but that is six months from the date of last use. Keep using the same IP address, do not give it up and the data will be retained indefinitely. The NSA supposedly maintains internet metadata for one year - corresponding to all internet use - but what exactly is in this metadata is a subject of dispute.

    The Modee VERO guide provides much more detailed information on staying anonymous than you will ever find posted in public.

    I've seen subpoenas from Google that include pages and pages of IP address data which lead me to believe that Google records each time you login to your email address, and the corresponding IP address. How far back they keep this data, I cannot say. It stands to reason that email services would keep this information for only a period of time or perhaps going back to only the last "X" number of logins. But, in the U.S. if you keep changing your IP address then the "six month rule" of how long that IP address even matters would apply - in other words, what difference does it make if an email provider has a record of all of your logins if most all of them correlate to some IP address that you have not accessed in over six months, and now belongs to someone else.
    Please read the forum rules before you post.

    And if you need extra help:
    Modee Tech Support

    Comment


    • #3
      How about when it comes to email account retention?

      I heard some people after going through lawsuits saying they were shocked about how no matter how long ago you deleted an email they can always be recovered.

      That sounds a little hard to believe that every email you ever sent is retained forever, other wise why would Microsoft warn that they delete your hotmail account and all content after you haven't logged in for a year? Or could it really be that even if you delete all emails and close your hotmail or gmail account, all those emails can still be recovered years later?

      Have you seen what anecdotal evidence suggests about how long email content is retained even after deletion?

      Comment


      • #4
        In the U.S.:

        I've seen criminal subpoenas on emails - there seem to be two storage houses for these, and also - how long emails are retained depends on the email provider. The first level of storage is with the email provider itself.

        I've seen both civil and criminal subpoenas (or criminal search warrants) where a provider claims it has no emails whatsoever after they have been deleted from the server. And then suddenly, somehow, the criminal subpoenas to the servers themselves or to the "backbones" that cover the servers somehow obtain emails that are years old that the provider claims did not exist.

        There is no uniform policy on this. It seems to me that the way these criminal subpoenas obtain the old emails that were deleted is from some record left behind as they pass through the internet.

        But on one level, if say a criminal investigation is being done, and the preliminary investigation shows no relevant emails (or for example relevant smart phone texts) in the inbox, then the investigating party may lack the probable cause to obtain a warrant for a further search.
        Please read the forum rules before you post.

        And if you need extra help:
        Modee Tech Support

        Comment


        • #5
          What do you mean by the distinction between the provider and the server? Say the provider we are talking about is gmail, they maintain their own server do they not?

          Have you seen cases come up involving the big email providers? How do they play out?

          That does make some sense though what you say since the server would maintain their own internet traffic history, but again this would probably be the same retention scenarios in that they are unlikely to be held forever.

          Comment


          • #6
            I am just saying that there is no set timeline for email retention. Forever is not the case, but somewhere between deleted as soon as deleted by user and five years is what I have seen, and it doesn't really matter what the provider is because as I've said - it varies and there is no defined policy for retention.
            Please read the forum rules before you post.

            And if you need extra help:
            Modee Tech Support

            Comment


            • #7
              Interesting! The general view is that PayPal and Amazon retain user information forever, have you seen anything to confirm or deny this?

              Comment


              • #8
                That information is in the Short List for Ebay/PayPal, and the AMZN account creation guide. It wasn't easy to obtain it either!
                Public information about Ebay, PayPal and Amazon is generally useless - Free EBAY, PayPal, Business and Law Forums - Ebay Suspension, PayPal Limited
                Please read the forum rules before you post.

                And if you need extra help:
                Modee Tech Support

                Comment


                • #9
                  Does that mean the answer is NOT forever? I recall PayPal stating that they retain user records and history indefinitely, is this not true?

                  Comment


                  • #10
                    Again, to get that answer, you need the Short List and VERO guides.


                    Not exactly relevant, but online data even after deleted seems to be maintained in many contexts.

                    http://finance.yahoo.com/news/expert...160545026.html

                    If you submit private data online, chances are it will never fully be deleted.
                    Please read the forum rules before you post.

                    And if you need extra help:
                    Modee Tech Support

                    Comment


                    • #11
                      What's the usual retention periods when it comes to banking records?

                      Comment


                      • #12
                        It appears the law on this is that banks must retain banking records for five years at least. Have you seen any subpoenas where banks have retained records far longer than five years?

                        Comment


                        • #13
                          Thanks for sharing that information with us. Yes, the U.S. law for bank account record retention is five years.

                          I am not personally aware of bank retention of closed accounts for any set period of time, but records for still active accounts I have seen records going back longer than five years on subpoena. I can't say how far back, because the subpoenas I have seen did not request the very oldest records.

                          Also it depends on WHAT records. The documents related to opening the bank account are maintained as long as the account is open, while records of transactions are required by law to be maintained for five years, although they are obviously kept longer than that on open accounts - for example, you may obtain records on your own open accounts going back seven years.

                          I suppose if you want to ensure eventual destruction of your bank records you had better first close the account, because banks are much less likely to maintain records past five years on closed accounts.
                          Please read the forum rules before you post.

                          And if you need extra help:
                          Modee Tech Support

                          Comment


                          • #14
                            In practice of course they can effectively retain any and all information they collected for as long as they like - the law is on the minimum retention period not the maximum, and the cost of data storage for most of these banks is a non issue.

                            Just to add something to a previous point in this thread, I did dig up my oldest Amazon account and found orders on there from more than 10 years ago which is the oldest I have, so I think Amazon has an indefinite retention policy. They may be less careful about keeping things like IP addresses which as you noted become irrelevant after a certain period, but it appears the majority of information is kept without limitation.

                            Comment


                            • #15
                              I have been doing some more research on what data internet companies retain. As discussed they retain who owned an IP address for a period of time, but do they also store what URLs you visited using their service and other browsing history? I've found varying information and opinions on this, does anybody know the truth?

                              Comment

                              Working...
                              X