[BlueOnyx:21888] Re: EU-DSGVO - anonymize ip addresses in apache logfiles / other logfiles?
Ken Hohhof
khohhof at kwom.com
Fri Mar 23 12:24:24 -05 2018
Here in the US of A, it seems common for big ISPs, content providers and hosting companies to retain log data for a long time, 1 year or more. I suspect this is more for LEA requests and copyright holder threat letters than for advertising and data mining revenue. My view is the opposite, if I no longer have the data, I can't be forced to cough it up, so delete it as soon as I no longer need it for a legitimate operational purpose.
It sounds like deleting logfiles containing IP addresses after a reasonable period like maybe 1 month would satisfy the EU requirements?
I know that low level LEA requests can come in 6 or 12 months after the fact. But terrorist, hostage, kiddie porn, soliciting minors for sex, etc will happen within hours or days. And any network attack investigations I will have completed in a month.
---- Original Message ----
From: "Michael Stauber" <mstauber at blueonyx.it>
Sent: 3/23/2018 12:00:37 PM
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:21887] Re: EU-DSGVO - anonymize ip addresses in apache logfiles / other logfiles?
Hi Dirk,
> So obfuscating must not be the solution. Hold it for some short time (maybe configurable) and inform what time will be good enough.
>
> Yes the deadline is 25th of May this year.
I'll see what I can do until then. It'll get to it after I wrap up the
Nginx stuff and that should still give me plenty of time to get it done.
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
More information about the Blueonyx
mailing list