The document discusses data retention policies in the UK following the September 11th attacks. It outlines legislation introduced in 2001 allowing communication service providers to retain user data for purposes related to national security. An EU directive from 2002 permits member states to require limited data retention by law. UK regulations exempted national security from data retention limits. Proposed voluntary and mandatory codes of practice outlined retaining subscriber and call data for up to 12 months, but faced opposition from privacy groups and ISPs. Parliament recommended dropping mandatory retention plans and developing an appropriate alternative with industry. The Home Office maintained data could still be accessed for security purposes if retained voluntarily. Remaining questions concerned reconciling data retention with privacy rights and acceptable costs.