
Telecommunications providers worldwide sit on a vast amount of sensitive data ranging from phone records to Internet activity. This data is frequently the subject of access and retention requirements imposed by government authorities.
Constantly shifting government regulations within a global environment make compliance even more difficult. Telecom companies often walk a fine line between maintaining the privacy of certain customer records and providing information about others under legal mandate.
The European Union (EU) Data Retention Directive sets mandatory requirements for ISPs and telecoms for the collection, retention and retrieval of communication records – including IP addresses – within the 25 EU member countries.
In the U.S., the Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications service providers to ensure that their equipment, facilities, and services are able to comply with authorized electronic surveillance. CALEA also requires telecommunications service providers to file information with the Federal Communications Commission (FCC) regarding the policies and procedures used for employee supervision and control, and to maintain secure and accurate records of each communication interception or access to call-identifying information.
Related regulations associated with lawful interception include Title III, USA PATRIOT Act, Homeland Security Act, and Patriot II. These, along with state and local public utility commission regulations, require that telecom companies constantly reevaluate their risk tolerance and the need to address a variety of existing and new compliance requirements.
Further compounding the challenge, such providers often store data that is subject to its own regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and the Payment Card Industry (PCI) Data Security Standard (DSS). They must therefore comply fully with those regulations as well.
Much of what is written about privacy and compliance relating to this type of data focuses on active data and the various ways it can and should be transmitted or processed.
But what of data that is no longer active, such as data on failed or obsolescent disk drives or on tape cartridges that have outlived their usefulness? This data can pose every bit as great a risk as data that is still live, yet it is often carelessly handled. Even worse, data in tape archives can fall under eDiscovery.
PeakData has developed the people, processes and technology to address these challenges with proven methodologies for disk and tape eradication, tape indexing, classification and conversion that mitigate risk for telecommunications companies while maximizing the economic value of retired storage assets.