I was curious about this. I knew that logged data has to be turned over if there is a warrant. I wasn't sure if logging was mandated.
I found this article [0] describing the situation in various countries, with the following info for the United States:
> Data Retention Period = 1 Year for Internet metadata, email, phone records
> Authorization required to access the data = Various United States agencies leverage the (voluntary) data retention practiced by many U.S. commercial organizations like Amazon through programs such as Prism and Muscular.
> Status Of Data Retention Regime = No mandatory data retention regime
I'm guessing the above means that metdata (user ip and also user web and email destinations) are held for a year, but retaining actual user data (email contents, etc) is not mandated.
I found this article [0] describing the situation in various countries, with the following info for the United States:
> Data Retention Period = 1 Year for Internet metadata, email, phone records
> Authorization required to access the data = Various United States agencies leverage the (voluntary) data retention practiced by many U.S. commercial organizations like Amazon through programs such as Prism and Muscular.
> Status Of Data Retention Regime = No mandatory data retention regime
I'm guessing the above means that metdata (user ip and also user web and email destinations) are held for a year, but retaining actual user data (email contents, etc) is not mandated.
[0] https://www.privacyend.com/mandatory-data-retention/