[Dshield] Fed Bill Would Restrict Web Server Logs
vancel at winfreeacademy.com
Tue Feb 14 19:30:25 GMT 2006
Paul Marsh wrote:
>I'd love to know what got Mr. Markeys pants all in a bunch? I'm not a
>lawyer and nope I don't play one on TV but it looks a little weak.
>SEC. 3. DESTRUCTION OF DATA WITH PERSONAL INFORMATION BY INTERNET
>An owner of an Internet website shall destroy, within
>a reasonable period of time, any data containing personal
>information if the information is no longer necessary for
>the purpose for which it was collected or any other legiti
>mate business purpose, or there are no pending requests
>or orders for access to such information pursuant to a
>What's "reasonable period of time"?
>Who determines when "the information is no longer necessary for the
>purpose for which it was collected"?
Reading just that passage almost makes it seem like you can still use
your data as you see fit, but you can't just store the logs forever. To
me, a reasonable amount of time is the amount of time it takes for
someone to realize that something happened. I figure giving them about
4 weeks is good, so my logs have 4 weeks worth of rotation then they go
bye-bye. If your web site has more data that may not be noticed for a
year, then I'm sure you could keep your logs for a year. I'm also
pretty sure that if it's documented in your data/backup policy manual
and you state the reason for the extensive backups, you'd have
absolutely no worries.
Then the clause that says "the purpose for which it was collected" could
easily be "we collect the web server logs for historical statistical
data so that we can determine how our web site was used since its
creation." Then you'd be allowed to keep your logs forever. :)
But then how many web servers collect personally identifiable
information and put it into their logs? I'm talking about information
that could be used for identity theft as what meets the criteria for
"personal information", and that's probably what they want to prevent.
Winfree Academy Charter Schools
More information about the list