"Report: Online black market for personal data thriving" (EurActiv, 16 April 2009) building on the Symantec report for 2008.
as long as data is detained/retained, risks about its use exist. Hence the interesting step taken by a Swedish ISP which destroys its data as it has no obligation to keep (just that of handing it in) "Swedish ISP Starts Deleting Log Files To Protect Users From IPRED Law" (TechDirt, 17 April 2009). It is certainly the safiest option, providing one cannot read on the computer disk image with specialised softwares of course!
But no doubt a new law will require retention of data, like the French law which nonetheless is so vague (no statutory instrument enacted to give details of what should be retained) that it creates uncertainties about what should be kept. "Vivement la publication du décret de l’article 6-II de la LCEN sur la conservation des données d’identification ! " (Juriscom, 25 March 2009)