On Aug. 8, U.S. Senator Ron Wyden sent a letter to the CEOs of telecommunications providers Sprint Corp.; T-Mobile USA, Inc.; Verizon Communications Inc.; and AT&T Inc. asking them to “protect your customers’ privacy — and U.S. national security — from foreign hackers and spies by limiting the time you keep records about your customers communications, web browsing, app usage, and movements.”
The letter asserts that the U.S. Federal Communications Commission requires carriers to keep records dating back 18 months, but AT&T allegedly retains customer information for up to 20 years. Wyden called this “unnecessary” and suggested a retention period of a few weeks or just a few days. The European Union’s GDPR governing data in the EU has much shorter retention periods – for up to one month in most cases – but absent regulation stipulating companies handle certain information differently, the U.S. must rely on written requests sent to companies as a way to advocate for more privacy.