Comment by pierrefar
15 years ago
Who's requiring them to retain anything? For 180 days?
And retaining for policing/security reasons doesn't mean you should use the data for other privacy-invading targeting.
15 years ago
Who's requiring them to retain anything? For 180 days?
And retaining for policing/security reasons doesn't mean you should use the data for other privacy-invading targeting.
Actually there's no law in the U.S. about data retention (E.U. has one) but companies keep the data for their own engineering and marketing purposes AND to stay in good graces of authorities. (The Patriot Act and ECPA, among other laws, specify what data has to be turned over with a lawful request, but they don't require any entity to actually have that info.)
Patriot Act compliance
see the Yahoo leak from cryptomeme http://cryptome.org/isp-spy/yahoo-spy.pdf
My wild speculation would be that (related to tc's above) it's a mutual "you scratch my back, I'll scratch yours" with the DOJ. I'd be surprised if there weren't regulations in place which required them to keep the data for that long.