As you might have read in the papers, seen on TV etc etc, the government has announced proposals for a massive database to store the details of all phone and VoIP calls, text messages, emails, and internet usage made by UK citizens. The big question is whether the forthcoming draft of the Communications Data Bill will also include corporate emails, calls and other forms of communication, as this could impact your data retention policies and affect security risk management strategies.

If the idea is merely to tap up the telcos and ISPs for their logs on these sorts of communications then it’s probably fair to say that as long as you keep a careful eye on your outbound comms channels – and have the technologies and rules in place to monitor and block any use of consumer tools such as webmail, public IM etc for work purposes – corporates need not worry too much about the logs of any of their communications ending up in the hands of the government.

Speaking to a Home Office spokeswoman though, I was told that the bill could potentially cover all forms of communication. Although she was keen to stress these were still proposals at present, and may not even reach the draft bill stage, it’s food for thought for CIOs. Many organisations, especially those not already highly regulated, may not have the technologies and processes in place to store the records of their internal communications and those between the organisation and third party business partners. And for those that do, how easy will it be to integrate with current disaster recover and data retention policies. If some of that data is required by industry regulators to be destroyed after a certain time frame, how will that tally with the government hanging on to it for as long as it likes? At the moment, no time length has been specified, although telcos currently have to hold on to phone call and text details for at least 12 months.

In a way it’s a shame we should be so horrified to think this kind of data could end up in the hands of the government. But as recent incidents have shown, for whatever reasons it doesn’t always guard data as carefully as perhaps it should. It’s probably a case of watch this space with baited breath until more details are released.