The reality is, as usual, more complex than that. In December 2006, the U.S. government changed the Federal Rules...
of Evidence for electronic data, and these rules were picked up by most of the states as well. The most relevant of these changes was that not only do electronic files themselves fall under the scope of discovery, but also any and all meta data, which includes logs.
This means the company must ensure log data is properly maintained under a written document-retention policy and that it's clear which relevant files may correlate with the logs. This is important because during a civil litigation procedure, the organization must know which logs to produce for the lawyers and which logs not to destroy as part of the usual document destruction process.
This is just a long and fancy way to say you should talk to your organization's lawyers and make a decision about how long to retain logs on the basis of their advice.
For more information:
- Learn how to estimate log generation rates with this expert advice.
- Looking to review system event logs? Check out this tutorial on Splunk.
Dig Deeper on Data security technology and strategy
Related Q&A from David Mortman
Do U.S. passport numbers count as personally identifiable information? Learn more about guidelines for PII in this security management expert ... Continue Reading
Are merchants that fall under PCI DSS allowed to print full credit card numbers on a receipt? Learn more in this response from security management ... Continue Reading
Many companies are moving to a system of paperless paystubs. Learn how to protect the information contained in these email paystubs with the use of ... Continue Reading