Hacker News
by TangoTrotFox 2801 days ago
Logs with personal information anonymized are still just as useful for security and other system audits. You would be able to clearly see unauthorized access of A from B, even if A and B could no longer be identified.

And you're ignoring the biggest risk here. If this defense of claiming 'we see there was a trivially exploited issue to allow unauthorized access to data users had marked as private, but we threw away all logs so we can't be expected to see if it was exploited, or be held to any level of accountability' passes for acceptable, it's going to set a far worse precedent than any sort of legal action. Get hacked? Worried about regulatory requirements? No problem, just migrate to a two week cycle of completely deleting all logs, patch it, and stall for 2 weeks. There, you can now honestly say you have 'no evidence this attack ever happened.'
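
Added example, not part of the comment above: a sketch of the first paragraph's point, that access logs with identifiers replaced by tokens still show unauthorized access of A from B. It assumes keyed pseudonymization with HMAC-SHA256 as the anonymization method and an owner-only rule for private resources; the key, log records and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed key for the example; assumed to live in a secrets store in practice.
PSEUDONYM_KEY = b"constructed-example-key"

# Constructed sample access log: (actor, resource owner, resource, marked private?)
RAW_LOG = [
    ("alice@example.com", "alice@example.com", "/photos/1", True),
    ("bob@example.com", "alice@example.com", "/photos/1", True),
    ("bob@example.com", "bob@example.com", "/notes/7", True),
    ("carol@example.com", "alice@example.com", "/blog/3", False),
    ("bob@example.com", "alice@example.com", "/photos/2", True),
]

def pseudonym(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Map an identifier to a stable keyed token: same input, same token."""
    digest = hmac.new(key, identifier.lower().encode("utf-8"), hashlib.sha256)
    return "u_" + digest.hexdigest()[:16]

def anonymize(records):
    """Replace personal identifiers with tokens, keeping audit-relevant fields."""
    return [
        {"actor": pseudonym(actor), "owner": pseudonym(owner),
         "resource": resource, "private": private}
        for actor, owner, resource, private in records
    ]

def unauthorized_private_access(anon_records):
    """Flag reads of private resources by anyone other than the owner (assumed rule)."""
    return [r for r in anon_records if r["private"] and r["actor"] != r["owner"]]

def summarize(findings):
    """Count flagged accesses per (actor token, owner token) pair."""
    counts = {}
    for r in findings:
        pair = (r["actor"], r["owner"])
        counts[pair] = counts.get(pair, 0) + 1
    return counts

if __name__ == "__main__":
    stored = anonymize(RAW_LOG)  # only the tokenized records are retained
    for (actor, owner), n in summarize(unauthorized_private_access(stored)).items():
        print(f"{actor} read {n} private resource(s) owned by {owner}")
```

Because the tokens are stable, repeated access by the same actor still correlates across records; destroying the key afterwards removes the ability to recompute the mapping from known identifiers.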