CNIL releases draft recommendation on retention of traceability data
On May 28, France’s data protection authority, the Commission nationale de l’informatique et des libertés, launched a public debate over its draft recommendation relating to terms of retention and use of data logs. According to the CNIL, maintaining data logs is an essential tool for respecting the security of processing personal data, provided for in Articles 5 and 32 of the EU General Data Protection Regulation.
In its draft recommendation, the CNIL underlines that one of the purposes of data logs, particularly in multi-user systems, is to ensure traceability of access to and actions on the information systems within an organization, which facilitates security policy compliance. A data log can help during a security event (i.e., intrusion into computer systems or misuse of data processed by authorized persons) for purposes of flagging events, detection and forensic investigations.