-
Research
and PublicationsStay -
Conferences
and EventsAnnual Conference
October 15–18, 2013
Save the date!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
Stay -
Career
DevelopmentEDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
Stay -
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
Stay -
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
Stay -
About
EDUCAUSEUncommon Thinking for the Common Good™
EDUCAUSE is the foremost community of higher education IT leaders and professionals.
Stay
Filter by type
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Mandatory Data Retention [x]
- Federal Policy and Law (21)
- Federal Privacy Law (21)
- Policy and Law (21)
- Campus Policy and Law (6)
- Campus Policies (5)
- Data Retention Policies (5)
- E-mail Policies (3)
- Information Systems and Services (3)
- Cybersecurity (2)
- Data Administration and Management (2)
- Electronic Records Management (2)
- Security Management (2)
- Advanced Networking (1)
- Compliance (1)
- Digital Libraries (1)
- Information Technology Management and Leadership (1)
- Networking and Emerging Technologies (1)
- Privacy (1)
- VOIP (1)
Summary
A recent proposal developed by Rep. Diana DeGette (D-Colo.) would require "each provider of Internet access services to retain records to permit the identification of subscribers to such services for appropriate law enforcement purposes." The proposal further states that "records shall . . . be retained for not less than one year after a subscriber ceases to subscribe to such services." Original reports suggested that the proposal would be offered as an amendment to a broad telecommunications bill in the House or as a stand-alone measure. However, the impetus for the legislation appears to be the combined influence of recently established broad data retention requirements in Europe and growing concerns about online child pornography in the U.S. Rep. Joe Barton (R-Tex.) has been holding a series of hearing recently on "Sexual Exploitation of Children Over the Internet" where he has asked the Government whether or not such a measure would aid law enforcement in its investigations. Additionally, Attorney General Alberto Gonzales recently gave a speech where he declared that data retention by Internet service providers is an "issue that must be addressed." The United States Internet Service Providers Association has expressed concern about the impact of the proposal, emphasizing their intentions to continue to cooperate with law enforcement as part of child pornography investigations.
Analysis and Implications for Institutions of Higher Education
The proposal, as written, would place new data retention requirements on colleges and universities. The proposed language defines "Internet access service" as "a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services . . . " Colleges and universities in most cases act as the Internet access service for its students, faculty, and staff. The proposed language does not include "telecommunications services". The proposal would amend Title VII of the Communications Act of 1934 (47 U.S.C. 601 et seq.) and would require the Federal Communications Commission to develop corresponding regulations. The most serious concern is the ambiguity regarding the data to be retained, ranging from subscriber information (name, address, etc.) to the identification of users associated with IP addresses to detailed logs of user behavior. The Center for Democracy and Technology has outlined a series of concerns with the current proposal that in large part reflect the interests of institutions of higher education. Most notable among the concerns are: 1) data retention laws could be burdensome and costly, 2) data retention laws are unnecessary as authority already exists to preserve records, and 3) data retention laws threaten personal privacy and pose an information security risk.
Recommendations
- EDUCAUSE should informally survey its membership to better understand the range of data retention practices and policies currently in place and the implications of new mandatory data retention requirements.
- The higher education policy community should continue to monitor the movement of this proposal, obtaining intelligence from Congressional staff, Department of Justice, USISPA, and other sources as necessary.
- EDUCAUSE in collaboration with the higher education presidential associations should develop a policy position that reflects our ongoing commitment to assist law enforcement that without unnecessarily burdening our member institutions or jeopardizing the privacy of our constituents. The position or corresponding legislative proposals should be presented to Congressional staff or Committee staff at the appropriate time.
Library Items on this Topic
EDUCAUSE Library Items for Mandatory Data Retention
-
Mandatory Data Retention
-
Mandatory Data Retention True Summary A recent propo…
-
Lawful Access: Issues and Challenges for Universities
-
April 7, 2011
This presentation will focus on the discrete types of legal process or demands that universities are likely to see from law enforcement and civil parties ; the types of situations when such de…
-
Email & IM Retention Policy
-
February 23, 2011
This California State University East Bay policy establishes the default retention periods for email and instant messages retained on active servers. It also confirms roles and responsibili…
-
Central E-mail Archiving and Retention Services
-
February 23, 2011
This North Carolina State University page explains employee class codes and which ones are required to archive their e-mail. This North Carolina …
-
Data Minimization: Don't Keep It All Forever
-
April 13, 2010
|
A session at the Security 2010
Data at educational institutions multiply exponentially and, without proper management, can expose schools to major risks (data exposure, e-discovery expense, escalating storage costs, damage to in…
-
E-Discovery Guideline and Toolkit
-
August 14, 2009
This E-Discovery Guideline and Toolkit was developed by one of the Higher Education Information Security Council Sub Working Groups. This E-Disco…
-
Electronic Records Management Toolkit
-
August 14, 2009
Members of the Higher Education Information Security Council crated this toolkit to provide a practical set of resources that will assist members of the higher education community in addressing r…
-
E-Mail Archiving: All Things to All People
-
October 25, 2007
|
A session at the EDUCAUSE 2007 Annual Conference
Need to preserve selected records in accordance with your retention schedule, remove "old" e-mail from fast storage media, or keep a tamper-proof copy of all e-mail for legal compliance? …
-
Toward a U.S. Data-Retention Standard for ISPs
-
January 1, 2006
© 2006 Rodney Petersen EDUCAUSE Review, vol. 41, no. 6 (November/December 2006): 78–79 Toward a U.S. Data-Retention Standard for ISPs Rodney Petersen Rodney Petersen is …
-
Gonzales: ISPs Must Keep Records on Users
-
January 1, 2006
"Attorney General Alberto Gonzales on stepped up his efforts to lobby for federal laws requiring Internet providers to keep track of what their customers do online." …

















