What legal requirements (e.g., US federal retention laws) force carriers like Mint Mobile to keep customer records?

1. No single federal “keep everything” law — a patchwork of requirements

There is no single federal statute in the provided reporting that forces all telcos to keep all customer records for a fixed term; commentators and legal summaries describe U.S. rules as a patchwork with many sector- or activity‑specific retention duties rather than one national mandatory data‑retention law ^{[4] [5]}. Practical guides and vendors likewise note there is “no single data retention legislation in the United States” and that retention duties are scattered across federal and state laws and industry rules ^{[6] [5]}.

2. Regulatory and program-specific retention rules can apply

Certain federal programs and regulations do impose specific retention periods for records tied to those programs (example: recipients of federal awards often must retain records for three years under 2 C.F.R. §200.334), illustrating that where federal involvement exists, concrete retention windows may be mandated ^[7]. Industry and compliance guides also highlight that different federal statutes create retention obligations for specific records (tax, financial consumer compliance, etc.) even where telecom operational data is not uniformly covered ^{[8] [9]}.

3. Carriers’ public disclosures and self-imposed retention windows

Telecom providers routinely set internal retention policies and disclose them in privacy notices. Mint Mobile’s public filings and statements say they retain personal information “only as long as necessary” for business or legal reasons ^[2], and earlier FCC reporting shows Mint told regulators it may store location information and related data for up to 18 months ^[1]. Those internal choices reflect both business needs (billing, fraud prevention, customer service) and readiness to respond to legal process ^{[3] [2]}.

4. State laws and privacy statutes impose additional constraints or rights

State-level privacy laws — notably California’s CCPA/CPRA and many newer state privacy statutes — create obligations around collection, retention, minimization and user rights; industry overviews note a growing mosaic of state laws that affect how long companies can keep personal data and require disclosure of retention practices ^{[4] [10]}. Where state wiretapping or call‑recording statutes apply (e.g., California Penal Code §632.7 invoked in lawsuits), the legal disputes emphasize consent and notice requirements rather than an affirmative federal retention mandate ^{[11] [12]}.

5. Litigation, subpoena and law‑enforcement process drive retention in practice

Companies retain records to respond to subpoenas, warrants, government requests, and civil discovery; Mint’s privacy and children’s notices say they may retain data to “comply with legal and regulatory obligations” and to respond to government requests ^{[2] [3]}. Coverage of recent suits against Mint Mobile over alleged secret call recordings shows that state laws about recording and consumer protection can trigger damages and push carriers to preserve related records during disputes ^{[12] [11]}.

6. Competing viewpoints and implicit agendas

Privacy advocates argue mandatory retention regimes are invasive and dangerous (EFF’s critique of “mandatory data retention” proposals) and favor limits on government-compelled storage; industry and compliance voices stress the practical need for records for billing, fraud prevention and legal compliance ^{[13] [6]}. Policymakers and firms balance those tensions: advocates push for minimization; carriers and regulators point to targeted retention for accountability and public safety ^{[13] [4]}.

7. Practical takeaway for consumers and reporters

Available sources do not state a single federal statute that requires carriers like Mint Mobile to keep all customer call and location logs for a fixed national period; instead carriers rely on internal policies, state privacy laws, program‑specific federal requirements, and the need to respond to legal process — and Mint Mobile publicly discloses retention-for-business-or-legal-reasons and an FCC-reported 18‑month window for certain location data ^{[2] [1]}. If you need a definitive retention term for a specific record type (call detail records, CPNI, location, billing), consult the carrier’s privacy/terms pages and the specific federal or state regulation tied to that record — sources above show those are the relevant documents to check ^{[2] [14] [7]}.

Limitations: reporting assembled here is limited to the sources you provided; if you want statutory text or federal agency guidance beyond these excerpts, supply those documents or ask me to search broader sources and I will cite them.