The ICO exists to empower you through information.

Logging

Share Download options

Pages

Format

At a glance

If you operate automated processing systems (any IT database), you must keep logs for at least the following processing actions:

  • Collection
  • Alteration
  • Consultation
  • Disclosure (including transfers)
  • Combination
  • Erasure

In brief

What is the purpose of logging?

It is to enable you to monitor and audit internal processing within any automated processing systems you use, and to know which third parties you have shared data with so that you can inform them of changes to the data should you need to. In addition, logging enables you to monitor systems for inappropriate access and/or disclosure of data, to verify the lawfulness of any processing, and to ensure the integrity and security of personal data. 

Example

If an officer or member of police staff is suspected of inappropriately accessing the Police National Computer to check on a neighbour, family member or friend, the logging should show what was available to them at the time, which will assist with any potential internal investigations.

The law enforcement provisions do not include a definition of ‘automated processing system’ however it is interpreted to mean any system that undertakes processing by automated means, and is likely to involve human interaction (for example input of or access to data) at some point.

If you operate automated processing systems (any IT database), you must keep logs for at least the following processing actions:

  • Collection
  • Alteration
  • Consultation
  • Disclosure (including transfers)
  • Combination
  • Erasure

It is important that you do not record the data itself in your logs of erasure, as there is no need to retain a duplicate record of what you have erased. The requirement is to produce metadata which displays, for example, what a specific person on a specific date erased. The ‘what’ does not have to detail the content of the record/information that has been deleted – it can simply record that record X was updated by a specific individual.

Logs must also record, where possible, the identity of the person who accessed (consulted) the data, the reason for the access, and the date and time of any associated action. You should also record the identity of any recipients, in cases of disclosure – this is particularly important as you will need to inform the recipients if you delete, amend or restrict the processing of this data following a request from the individual.

There are however limitations to what you can use logs for. Any logs that you keep for the above processing actions may only be used for one or more of the following purposes:

  • to verify the lawfulness of processing;
  • to assist with self-monitoring by the controller or the processor, including the conduct of internal disciplinary proceedings;
  • to ensure the integrity and security of personal data; or
  • the purposes of criminal proceedings.

You (and any associated processor) may be required to make these records available to the Information Commissioner upon request.