Expected implementation date for Telephony Data
The Directive will be implemented by 4 May 2008. However, rules on the retention of telephony data have been introduced in the Anti-terrorism Act. (Article 6 requires providers of publicly available electronic communications services or any public communications network within Italian jurisdiction to retain telephone traffic data which allow the traceability of access and services used until 31 December 2007. The article overrules any other legislation which requires the deletion of data.)
Are there any specific security requirements?
No specific security requirements are stated in the Anti-terrorism Act. Currently, data must be handled in accordance with the security provisions on processing personal data as set forth by relevant Italian legislation, namely, D.Lgs. 196/2003 (such as, computerised authentication, implementation of authentication credentials management procedures, use of an authorisation system, etc.).
The Italian Data Protection Authority is expected to issue regulations regarding the retention of traffic data (Italian Data Protection Code, sect. 132, and the Anti-terrorism Act). Currently the rules issued by the Italian Data Protection Authority apply.