As allowed by the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, various information about the operation of the CUDN is logged and subsequently processed. Some of the information that is logged is classified as personal information in terms of the Data Protection Act 1998. This notice advises users of the CUDN what personal data is recorded, logged, and processed.
The Data Protection Commissioner has advised that, because an IP address can often identify a computer that is primarily used by an individual, data relating to an IP address should be treated as personal data.
Any of the information mentioned below may be used in the investigation of unauthorised use or misuse of the network and may also be used in the investigation of illegal activities.
1. The following information is logged as a matter of course from the CUDN for the purposes of ensuring the proper running of the CUDN, accounting network use, and planning changes to the CUDN:
- date and time of day
- source and destination IP addresses
- source and destination port numbers
- protocol type
- number of octets of data
- number of packets of data
This information is processed for accounting purposes by aggregating the port information.
The raw information is deleted within 30 days of its collection and the processed data is deleted within 90 days except when required as evidence or for the investigation of illegal activities.
2. A database of entities on the network is maintained on a software network management system. This information is used for diagnosis of network problems, tracking use of IP addresses, and further development of the network management system. The information that relates to end-stations is:
- identification of the entity
- IP address
- when last detected on the network
- the topological location on the network of the end-station
The information in the active database will remain there until superseded or deleted either manually or automatically. Snapshots of the database are taken from time to time and the snapshots may be kept indefinitely.
3. Exceptionally, information may be logged by network monitoring equipment and used to diagnose misoperation or failure of the network. The recorded information is searched for indications of errors or incorrect routing of network traffic. The information content of packets of data is not processed except where deliberate patterns of information have been used to identify diagnostic data for the investigation of network problems or when the information is required for evidence or for the investigation of illegal activities.
Except when the information is required as evidence or for the investigation of illegal activities, this information is not stored for more than 14 days.
Please send comments and corrections on this Web page by e-mail to Network-Support@ucs.cam.ac.uk.
Last updated 11 January 2013