Although it has taken nearly a week to appear online, after having been "laid before parliament" last Thursday September 11th, the Anti-terrorism, Crime and Security Act 2001 Statutory Instrument i.e. the Retention of Communications Data (Code of Practice) Order 2003 and the the actual Code of Practice is, for now, at:
This Voluntary scheme of Data Retention has found no favour with the Telecommunications companies and Internet Service Providers, and is therefore likely to be replaced with a Compulsory scheme, powers for which are already in the Act..
Your internet and phone Communications Data is supposedly just "itemised billing" type data will be retained for longer than would otherwise be permitted under the Data Protection Act.
In practice the consultation document, and the now published Voluntary Code of Practice are not specific or detailed enough to say exactly which data is to be retained and for how long.
N.B. The ATCSA, despite being rushed through Parliament in the immediate aftermath of September 11th 2001, is not just about terrorism:
The Act establishes the framework for communication service providers to retain data for the purposes of safeguarding national security and for the prevention or detection of crime and prosecution of offenders which may relate directly or indirectly to national security.
That means it will be used for any crime not just for national security
"All terrorists are criminals. Let's snoop on all criminals. All terrorists and criminals are members of the general public. Let's snoop on all members of the general public - for the sake of national security"
We will be publishing another of our "Privacy Polemics" on this complicated and far reaching topic very soon.