Fwd: 23,000 IP addresses

[Luis Marta <luis.marta () gmail com>]

 On Tue, May 10, 2011 at 3:38 PM, Michael Holstein <
michael.holstein () csuohio edu> wrote:

> >
> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf
> >
>
> The dates in the timestamps are back in February. We deleted those logs
> "..in the regular course of business.."
> a LONG TIME AGO.
>
> If you didn't do that, you really ought to ask yourself why.
>
> Regards,
>
> Michael Holstein
> Information Security Administrator
> Cleveland State University


In the EU you have Directive 2006/24/EC:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF

Article 6 - Periods of retention
Member States shall ensure that the categories of data specified in Article
5 are retained for periods of not less than six months and not more than two
years from the date of the communication.

Article 5 - Categories of data to be retained
1. Member States shall ensure that the following categories of data are
retained under this Directive:
(a) data necessary to trace and identify the source of a communication:
(...) the name and address of the subscriber or registered user to whom an
Internet Protocol (IP) address, user ID or telephone number was allocated at
the time of the communication;


Each member state creates its own law, according to the directive. In
Portugal, you have to retain the data for one year.

Best Regards,
Luís Marta.