CDPSE · Question #182
What would be the BEST reason to include log generation in the design of a system from a privacy perspective?
The correct answer is B. Facilitate early detection of abuse or misuse of the data that a system processes.. Logging system operations related to personal data primarily serves a proactive privacy purpose by enabling early detection of unauthorized access or misuse before harm to data subjects escalates.
Question
What would be the BEST reason to include log generation in the design of a system from a privacy perspective?
Options
- AAllow to save the evidence of all operations carried out with the system.
- BFacilitate early detection of abuse or misuse of the data that a system processes.
- CFacilitate the recovery of information in case of system damage.
- DInvestigate fraud after it has occurred.
How the community answered
(28 responses)- A18% (5)
- B71% (20)
- C4% (1)
- D7% (2)
Why each option
Logging system operations related to personal data primarily serves a proactive privacy purpose by enabling early detection of unauthorized access or misuse before harm to data subjects escalates.
Saving evidence of all operations is a forensic and audit goal, which is reactive rather than the best privacy-oriented reason for including log generation in system design.
From a privacy-by-design perspective, logs allow organizations to detect anomalous access patterns, unauthorized queries, or data exfiltration attempts in near real-time, enabling timely intervention. This proactive detection capability directly protects data subjects and is the most privacy-centric justification for building logging into a system's design.
Facilitating recovery of information in case of system damage is a business continuity and availability concern, not a privacy rationale.
Investigating fraud after it has occurred is a reactive security measure and does not represent the best privacy-oriented justification for proactive log generation.
Concept tested: Privacy by design - logging for proactive data misuse detection
Source: https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design
Topics
Community Discussion
No community discussion yet for this question.