Back in April of this year the UK Home Office announced that all ISPs must retain their internet-related communication data for law enforcement authorities (LEAs) to gain access to the information that would help with a criminal investigation. The law, based on the European Union Data Retention Directive (EU DRD) requires ISPs to retain the data for at least six months, but for no longer than two years.
[…]
A typical ISP can expect to retain between 1 and 100 billion transaction records, and even a small provider with a 100,000 subscriber base can expect to retain around 2 billion records, which could put a significant strain on its IT resources. ISPs have just 18 months to ensure they are up to speed with the directive and between now and then there are a number of issues they need to address to ensure they observe the ruling in the smoothest and most cost-effective way possible, whilst taking into account all the security considerations that must be applied in their response.
Read more on Help Net.