Fwd: 23,000 IP addresses
luis.marta at gmail.com
Tue May 10 14:53:34 UTC 2011
On Tue, May 10, 2011 at 3:38 PM, Michael Holstein <
michael.holstein at csuohio.edu> wrote:
> The dates in the timestamps are back in February. We deleted those logs
> "..in the regular course of business.."
> a LONG TIME AGO.
> If you didn't do that, you really ought to ask yourself why.
> Michael Holstein
> Information Security Administrator
> Cleveland State University
In the EU you have Directive 2006/24/EC:
Article 6 - Periods of retention
Member States shall ensure that the categories of data specified in Article
5 are retained for periods of not less than six months and not more than two
years from the date of the communication.
Article 5 - Categories of data to be retained
1. Member States shall ensure that the following categories of data are
retained under this Directive:
(a) data necessary to trace and identify the source of a communication:
(...) the name and address of the subscriber or registered user to whom an
Internet Protocol (IP) address, user ID or telephone number was allocated at
the time of the communication;
Each member state creates its own law, according to the directive. In
Portugal, you have to retain the data for one year.
More information about the NANOG