by takeitto 2951 days ago
If you log for security purposes, that is a "legitimate interest" which would allow you to keep doing that, provided:

- You make a note that this data is being logged.

- You state for how long this is logged (6 months is reasonable), and justify that time frame.

- You state who else has access to these logs.

- You state what steps you have taken to try to minimize unauthorized access to these logs.

- In a register (these statements should be delivered on request of a law supervisor) you also provide your personal details, which users are affected by this data processing, and your goal (which should be something along the lines of: "fraud prevention and intrusion mitigation" to have legitimate interest. Expect big companies with law firms to push this "security interest"-angle hard, as they try to justify their data processing).

Pretty reasonable, no? It would be nice if the large web logging software provided standard options to automatically limit disclosure of PII web logs.

1 comment

You already described far more work than I'm willing to do for the small web site I happen to host. If there's a simple geoblocking switch I'd much rather flip the switch and block Europe than continuously worry that I didn't dot every 'i' and cross every 't' to make some obscure European regulator happy.
You'd also make me happy :).