In a simple way Logging means the detailed breakdown of all processing activities, in other words it means the information containing “who touched what data and for what purpose it was touched” Logging enables to monitor the system for inappropriate access and provides the information about the important process events such as change in state, warning, or errors.
The provisions of DPA under section 62 mentions about logging and its related compliance and it further states that a controller or processor must keep logs for at least the following processing operations in automated processing system –
- Collection
- Alteration
- Consultation
- Disclosure
- Combination
- Erasure
The logs of consultation/disclosure must make it possible to establish the justification for, and date and time of, the consultation and so far, as possible, the identity of the person who consulted the data and in case of logs of disclosure the identity of the recipient of the data as well.
The logs kept by Controller/processor may be used only for one or more of the following purposes-
- to verify the lawfulness of processing;
- to assist with self-monitoring by the controller or the processor, including the conduct of internal disciplinary proceedings;
- to ensure the integrity and security of personal data
- the purpose of criminal proceedings.
The controller or the processor is mandated to make the logs available to the Commissioner on request.
Picture Credit-https://www.logdna.com/