Practices Concerning the Retention and Destruction of NYU IT Log Data
System logs, also known as log files, are created automatically during system operation and contain entries about the events that happened in a system. NYU IT stores this information for NYU IT's specific business reasons or to satisfy legal requirements. Log files are considered to be Restricted data within the NYU Data Classification Table and are subject to institutional privacy requirements and retention and destruction requirements. NYU IT takes active measures to prevent unauthorized access during the retention period. Log files are purged after their business use is completed; business reasons include, but are not limited to, troubleshooting, collecting metrics on usage and activity, billing, documentation, electronic discovery requirements, and forensic investigation.
Purpose of this Document
NYU IT creates log files during the course of doing business. The practices described here inform system and security administrators of their responsibilities to safeguard the privacy of personally identifiable information (PII) that may have been captured in system logs that they handle, and to identify the retention and destruction rules for system logs on servers and networked devices that are owned and managed by NYU IT.
NYU IT has standards for retention and destruction of log file information. Log standards adopted across NYU IT produce numerous benefits, including an enhanced ability to comply with national and industry regulations and control standards covering log data retention, safeguarding, destruction, and privacy, as well as compliance reporting, operational efficiency, security response, investigations, and other business objectives for IT, and cross-domain interoperability and reductions in the costs of storage, integration, and operations.
Scope of this Document
All individuals who are responsible for log files must follow these practices.
A. Retention of Log Files
Log files are historical digital records, created automatically during system operation, concerning the use and operation of a computer system or networked device, and necessary for system troubleshooting and analysis.
In setting the retention period, NYU IT has considered a variety of competing interests, including but not limited to, the need to maintain operational reliability and the importance of reducing opportunities for inadvertent disclosure of data.
In general, log files should not be retained beyond their usefulness or beyond the period required by applicable laws and regulations. Where no regulatory requirements exist, log files should be retained for not more than thirty (30) days. Exceptions, where log information is kept for either a shorter or longer period of time, may be granted on a case-by-case basis by the NYU IT Associate Vice President, Service, Security, & Compliance or other documented exception process.
If a log file contains relevant information that is useful for future reference or for a pending transaction, or is needed for documentation purposes, or could be used as evidence of a management decision, the specified log(s) should be retained. It is the responsibility of the NYU IT staff to move the specified log(s) to another NYU-IT-owned system for retention just before they reach their maximum retention time. Additional retention time will not be provided to collect data needed for statistical log analysis and information needed for proper administration of systems.
Care should be taken not to retain unneeded log files. The cost of long-term retention can be significant and could expose the University to high costs of retrieving and reviewing the otherwise unneeded records in the event of litigation.
B. Destruction of Log Files
Log files must be destroyed when their retention time passes in accordance with the Data and System Security Measures which state that "System logs must be retained for 30-90 days and then destroyed unless further retention is necessary due to legal, regulatory, or contractual requirements." When specified for destruction, all originals, backups, and copies of logs should be destroyed. For this reason, log files should not be backed up to removable media and should stay on the centralized log server or the local file system of the machine on which they are generated. In addition, care should be taken to exclude log files from computer disk images.
Log files should be destroyed in the most destructive and economical way available.
C. Written Processes
Each computing group responsible for log files must establish, maintain, and make available in writing upon request to the NYU IT Associate Vice President, Service, Security, & Compliance a systematic process for the recording, retention, and destruction of log files in accordance with these practices. The destruction of logs must be postponed whenever a subpoena, discovery motion, or other legal notice is received. Such destruction also should be postponed if the material might be needed for an imminent legal action.