telecommunications companies in member states to keep records of all
phone calls, email and Internet use records for between six months and
two years. The government of each member state will decide how long
service providers will be required to hold the data. Under the new
directive, service providers will be required to provide call records,
location data and Internet logs to law enforcement and intelligence
agencies upon request. Message content will not be recorded, but call
time, duration and other details will be. Governments will not be
required to reimburse service providers for the costs incurred by
complying with the directive.
From SANS News Bites with more here, here, here, and here. There was a huge push against this from multiple angles, but it seemed to have passed anyway. Data retention is a slippery slope that can make for some serious demands on technology. I'm sure storage vendors are rejoicing, but now security officers will have to have to become data warehousers. Well, we here in the states fault SOX for draining the IT budget, now Europeans will have this directive to blame for sucking up the IT resources for the next few years.