On March 11, 2004, 13 bombs exploded throughout the commuter train system of Madrid, the Spanish capital, killing 170 people and destabilizing the region. The bombs were detonated using ordinary cell phones.
Mobile devices and wireless Internet access make it easier than ever for people to connect and share information. Unfortunately, these same advances also make it easier for terrorists, drug dealers and human trafficking organizations to plan and carry out their crimes.
So, in the fight against serious crimes, countries around the world are requiring communications service providers (CSPs) to retain communications data records and make them available to legal authorities on authorized request. Although such efforts serve as an important weapon in the fight against crime, they also pose major challenges for CSPs.
In 2006, the European Union (EU) adopted the EU Data Retention Directive, which mandated that all member nations implement data retention legislation by September 2007. Under the directive, CSPs operating in the EU must retain records for all of their communications services, including fixed and mobile voice, short message service (SMS), multimedia message service (MMS) and e-mail, for up to two years. Similar rules are under consideration throughout Latin America, the Middle East, Asia and Australia.
This is no small challenge. A medium-sized European CSP might generate up to 200 million records a day and field thousands of law enforcement requests for data each month. That means collecting and storing enormous volumes of data that can be searched and retrieved quickly. And it’s estimated that a single request for data often takes CSP operators up to 90 minutes to fulfill. That not only means less responsive law enforcement, but with thousands of requests per month, it's a huge productivity drain for the CSP.
To answer those challenges, a CSP needs a comprehensive data retention system. It must be able to securely store all required data and integrate with existing infrastructure and business processes. At the same time, it must efficiently manage law enforcement data requests, all while complying with stringent data privacy requirements.
While specific data retention laws and requirements vary by country, CSPs should keep these core principles in mind when implementing a data retention solution:
Specialized data retention systems can help CSPs comply with government mandates while empowering authorities to stop crimes. These solutions should be highly scalable and capable of storing data for extended timeframes. They should support a variety of communications services, including fixed-line and mobile voice calls, MMS and SMS messaging, e-mail, and data from next-generation networks. And since authorities are increasingly dependent on the speed with which they can analyze data, real-time reporting is a high-priority feature.
Strong privacy features are critical to any data retention solution. Foremost, any solution should protect against unauthorized data access, which is achieved through strong system security controls and by physically separating a CSP’s data retention system from the rest of its systems. Security controls should also include encryption, the use of user IDs and passwords, as well as activity logs and audit trails that track all user interaction with the system and data.
For more than 10 years, HP has worked with major CSPs throughout Europe, the Middle East and Latin America to design and implement sophisticated data retention solutions. HP’s Data Retention and Guardian Online (HP DRAGON) solution integrates easily into existing operations support systems (OSS) and business support systems (BSS) infrastructures, making implementations easier and less time-consuming. HP DRAGON also integrates with broader intelligence support systems. This allows CSPs to combine their data retention and lawful intercept request management applications into a single system, as well as integrate it with local and country-wide law enforcement systems.
Based on HP server and storage technologies, HP DRAGON is a highly scalable data retention solution. It features powerful data collection functionality, the ability to efficiently manage data requests and a comprehensive set of built-in security features. HP DRAGON is a flexible platform that helps reduce overall data retention costs by improving operator productivity for lawful request management and reporting. HP DRAGON is supported by HP’s worldwide services team, including HP corporate partners Oracle and Cisco.
In either instance, data retention technology could help authorities identify and track down the criminals.
For example, if bomb-triggering phones are linked to wireless subscriber accounts, authorities could use court orders to obtain all the inbound and outbound traffic associated with those accounts. That data could reveal not just who detonated the bombs, but might lead to uncovering their accomplices.
As for the suspected drug ring in the park, imagine authorities arrest a single drug dealer and confiscate just one mobile phone. Records from area transmission towers could point to other members of a dealer network or uncover patterns to help police target areas where the network operates most frequently.
