If you’ve checked the news in any way today you’ll probably have heard about the change to the law that will, from the 15th March, oblige all Internet Service Providers (ISPs) to keep a log of all emails exchanged through their system. ISPs won’t be obliged to keep the contents of those emails, just who sent a message to whom and when. These records must be kept for a year, and disclosed to the government, police or any other public body which makes a lawful request.
The lack of privacy associated with this EU led decision has got various groups up in arms, from Human Rights activists to those who point to our government’s recent failings with regard to data security. What I’d like to cover here though is what this means for our clients, and us.
The email messages you send through Sign-Up.to, whether as a large campaign or as the result of an auto-responder you’ve set up, are all logged. This has always been the case and will always have to be – we need this information to present your tracking information and to permit you to exclude recent recipients. So in that context this is a law that we already adhere to.
The law affects us in another way that’s perhaps not so obvious. We send millions of emails a week (all logged as mentioned) from our servers located in three UK datacentres. For redundancy, each data centre has more than one internet service provider. As a data centre user we can do some digging and find out exactly who those suppliers are, but what’s important to us is that we are presented with a fast, dependable connection by the data centre. So in our scenario, who is the ISP responsible for logging our mail?
We considered this for a while, and decided that the safest bet was to ensure we logged everything, including our own corporate @sign-up.to email. We’ve always done this too, as I imagine do most corporations. They’ll either have a perpetual retention policy, or a fixed retention policy. Those who don’t are likely to have their email requirements outsourced.
The chances are then that unless you happen to be an ISP, you don’t need to do anything to comply with the law. Which is good, so now you can chose to worry about the privacy and data protection aspect, or indeed, what you’d like for dinner.