I am a network admin at a hosting/ISP/Datacenter and have never heard of any laws governing how long to keep log files....
If you deal with HIPA (sp) or financial data I am sure regulations come into play.
I work for a national retalier and we do 7 years. I know of no law, I always assumed that the 7 years was having to do with credit card transactions how long debts are allowed to appear on credit reports... 7 years. I could be wrong though.
My customer doesn't keep logs, but every single email is archived, to eventually be turned over to NARA to be preserved literally until the end of time.
Logs are not the same as source data. Depends on the type of information, the business you're in, etc. GLB, HIPAA, SOX are principal drivers for storing logs. We set our policy to be <90 days for logs.
But...there are certain types of data (email, voicemail), where we keep the data far longer than the access logs. That and when we respond to litigation or internal investigation requests to collect and keep all logs related to certain employees.
The statue of limitation for log storing in case of legal battle is 2 years, after that, you can't sue. That's in GA, I don't know for the rest of the country.
Originally posted by: FreshPrince
The statue of limitation for log storing in case of legal battle is 2 years, after that, you can't sue. That's in GA, I don't know for the rest of the country.
Statute of limitations doesn't apply to ongoing litigation, just to the beginning (filing) of the suit. Then we requested by internal counsel to maintain logs related to that action until it has been resolved.
Not log related, but when the SEC issues you a company-wide order saying "You must keep all documents related to xxxx"...then you do it! (No Enron here!)
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.