View Full Version : Legal obligations of a web service?

03-27-2012, 08:24 PM
With all the fun goings on with websites like Twitter being subpoenaed for records at least six months cold, I have been wondering if there is a repository or listing of all the legal requirements of a commercial website?

For instance, how long do transaction records have to be kept? Is it a requirement to log all IP addresses and which accounts they access? Does all user submitted data have to be logged, and, if so, to what detail?

Personally, I only log data that I am actually going to use for system security, so something like a personal-message gets deleted after it has served its purpose, but I am beginning to question the legality of that attitude.

Any direction would be helpful...well as helpful as regulatory law ever is for that that are regulated.

04-13-2012, 02:55 AM
Who says you have to keep a record of everyone and anyone for a certain amount of time?

If it's government then yes, but a business or personal?

04-13-2012, 03:08 AM
IANAL, but my general understanding is that data retention policies can be anything you want, so long as you consistently enforce them.

So, for example, if you have a company policy that says "all emails over 2 years old must be deleted", then you get a subpoena for emails from 10 years ago, so long as you actively tried to enforce your policy (i.e. you reminded employes to delete old emails every few months), you have no obligation to produce or try to produce records outside of your standard policy.

The key is to 1) have a policy and 2) make reasonable efforts to enforce it.