CopperEye identifies data-retention issues
Data management vendor CopperEye outlines key points for UK internet data legislation
LONDON - In response to the UK Home Office's approach to the second phase of the European Union's Data Retention Directive - focused on online security measures - data management and compliance software firm CopperEye has identified a number of key issues to consider when the legislation is translated into UK law.
The first phase of the EU directive came into force in October 2007, requiring phone companies to retain fixed and mobile data, while the second phase has extended requirements to include internet communications, including email event data, to be retained for police and government use.
Duncan Pauly, CopperEye's chief technology officer, lists five key considerations for communications providers.
The first is tightened security to meet compliance requirements and ensure data is securely retained to prevent unauthorised access. An automated system is needed to destroy data once it has fallen beyond the retention period.
The second is proportionate access - in that only the relevant information for a specific investigation should be disclosed, minimising potential exposure of any other information held.
Legal evidence and timeliness are the third and fourth considerations - making sure information disclosed is accurate and complete to avoid unnecessary or inappropriate investigations, and collected and disclosed quickly to prevent delays in investigations.
Fifth is the total cost of ownership, to deliver long-term value for the service provider, with proportionate costs of hardware, implementation and maintenance of the compliance system.
"Providers should consider that existing systems might not have the capability to comply with new legislative requirements," says Carmen Carey, chief executive officer of CopperEye. "Unlike telecommunications companies that usually have extensive data-management capabilities, many internet service providers are smaller and are not able to manage the volumes of data this directive demands."
"Therefore, they must implement a data-management solution that is appropriate to their size and needs, and leverage the most appropriate technology to satisfy the European Union Data Retention Directive requirements. Further, providers must turn to solutions that are proven to support the directive and that are compliant with the European Telecommunications Standards Institute - anything else is an expensive compromise," says Carey.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Operational risk
Integrated GRC solutions 2024: market update and vendor landscape
In the face of persistent digitisation challenges and the attendant transformation in business practices, many firms have been struggling to maintain governance and business continuity
Vendor spotlight: Dixtior AML transaction monitoring solutions
The Chartis Research report, AML transaction monitoring solutions, considers how, by working together, financial institutions, vendors and regulators can create more effective anti-money laundering (AML) systems.
Financial crime and compliance50 2024
The detailed analysis for the Financial crime and compliance50 considers firms’ technological advances and strategic direction to provide a complete view of how market leaders are driving transformation in this sector
Automating regulatory compliance and reporting
Flaws in the regulation of the banking sector have been addressed initially by Basel III, implemented last year. Financial institutions can comply with capital and liquidity requirements in a natively integrated yet modular environment by utilising…
Investment banks: the future of risk control
This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control
Op risk outlook 2022: the legal perspective
Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…
Emerging trends in op risk
Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…
Moving targets: the new rules of conduct risk
How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…
