The government has published a draft of its forthcoming data retention laws for Internet providers (.PDF Copy Here), which will require UK ISPs to log basic customer web and email access activity on their networks for one year.

The publication forms part of the Home Office's consultation process and would replace an existing law that only applied to telecoms (non-Internet) firms. We covered this in more detail with our 'ISPs Raise Concerns Over Data Retention' article earlier this year.

Many people may also be concerned to learn that access to this data will be open to more than just the police. Bizarrely this would appear to include the Post Office, local council and health authorities. It's feared that this may open the door to abuse by corrupt officials and wider unwarranted invasions of personal privacy.

Happily the draft does not appear to expand upon an initial proposal for the creation of a centralised government database to hold said information, which raised more than a few eyebrows. Readers will recall the loss of several million government DVLA records, to name but one of several major privacy breaches. Suffice to say, few trust their ability to secure such a massive database.

To make matters worse, ISPs could find it difficult to gain compensation for the cost of storing all this data, unless the expenses have been notified to the Secretary of State and agreed in advance. Failing that, the government would not be obliged to provide reimbursement.

However, the law must still be passed by both Houses of Parliament, which may result in some amendments, before becoming law on 15th March 2009 as originally anticipated. Never the less, we fear that councils could end up using small mistakes, such as day late council tax returns or overly full rubbish bins, to unfairly begin snooping on private information.