On 15 March 2009, the much-debated EU Data Retention Directive, which states that ISPs must store information about their customers' surfing habits for a year, comes fully into force.
The data kept by ISPs will identify the user, the time and the means of communication, to aid the investigation of serious crimes.
Already a source of much controversy, the Data Retention Directive has provoked criticism from EU member states over the cost of the operation, estimated at £46m over an eight-year period, as well as fears of privacy violation.
Jamie Cowper, director of marketing at PGP Corporation, said it was hardly surprising that concern has been raised over these proposals, given the numerous data breaches of late.
"With public confidence about data security at an all-time low, it is absolutely essential that ISPs take their obligations seriously," Cowper said.
"If privacy violation is to be avoided, and the huge cost of this operation is to be justified, then the security of the public’s data must be watertight."
Cowper said that at the very least proven technologies such as encryption had to be deployed to safeguard the data.
"After all, if the EU plans to roll out similar legislation to other sectors, it is going to have to demonstrate to the public that every step is being taken to defend their data," he added.
"If not, it is fair to say that we are just one data breach away from a major public backlash."