Audit retention periods


Administrators can define data retention settings so that personal data in Network's audit logs is anonymized and is no longer processed. For example, administrators can set a retention period for all or some logs so that personal data is anonymized after a defined period of time. All event data remains in the audit log, but any personal data is removed.

This feature protects the privacy of Network users and helps customers comply with the European General Data Protection Regulation (GDPR) by keeping personal data only for as long as necessary.

Define a retention period

Administrators can specify if and when personal data should be removed for each type of Network audit log. For example, personal data in the Login Audit History log can be anonymized after 36 months, but personal data in the Search Audit History log can be retained indefinitely.

By default, all personal data in audit logs is retained unless you specify a log retention schedule.

Note: Personal data in logs that has been anonymized cannot be recovered.

To define retention periods for logs:

  1. In the Admin console, click Logs > Log Data Retention.
  2. For each type of Network log, choose one of the following options:
    1. No Data Anonymization - Personal data in the log will be stored for an unlimited period of time. This option is selected by default to ensure that your data is not anonymized without your input.
    2. Select Number of Months - From the list, choose a predefined time of 12, 24, 36, 48, or 60 months. For example, if you choose 24 for the Search Audit History log, personal data will be anonymized in any log events that are older than 24 months. To customize the schedule, choose Other.

      Values for the Other option must be positive integers greater than five months and less than 121 months.

    If you choose a log retention time period, a message displays so you will know when the logs will be anonymized.

  3. Save your changes.

Log anonymization jobs

Anonymization jobs run on the first day of each month. Jobs do not run until 24 hours after data retention settings are made. This buffer time ensures that you have time to make changes to the settings without accidentally anonymizing the logs.

Buffer time examples

  • If you make changes on September 29th, the next anonymization job runs on October 1st.
  • If you make changes on September 30th, the next anonymization job runs on November 1st.

Anonymized log data

After an anonymization job runs, the following data is masked in the applicable logs:

  • User names (Network and Veeva CRM) - Removed from all logs. However, logs with the user name "System" are not anonymized. These logs are not considered to have personal data because the information cannot be used to profile a user.
  • Source IP address - Removed from Login Audit Logs.

Anonymized logs display in the Network UI and can be exported, but personal data in any columns is replaced with "Anonymized Data."
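The scheduling and masking rules above can be modeled in a short script to preview what a setting will do before it is saved. This is an added example, not Network code: the event field names and sample events are constructed, and it assumes that jobs start at 00:00 on the first day of the month and that "older than" is counted in calendar months back from the job date.

```python
from datetime import datetime, timedelta

MASK = "Anonymized Data"        # text the page says replaces personal data
BUFFER = timedelta(hours=24)    # documented wait after a settings change

def validate_months(months):
    """Preset or 'Other' value: integer greater than 5 and less than 121."""
    if type(months) is not int or not 5 < months < 121:
        raise ValueError("retention must be a whole number of months, 6 to 120")
    return months

def shift_months(first_of_month, delta):
    """Move a first-of-month date by delta calendar months."""
    idx = first_of_month.year * 12 + first_of_month.month - 1 + delta
    return datetime(idx // 12, idx % 12 + 1, 1)

def next_job(changed_at):
    """First monthly job that starts after the 24-hour buffer has elapsed.
    Assumption: jobs start at 00:00 on the first day of the month."""
    earliest = changed_at + BUFFER
    # The first of earliest's own month is never later than earliest,
    # so the next eligible job is the first of the following month.
    return shift_months(datetime(earliest.year, earliest.month, 1), 1)

def anonymize(events, log_type, months, job_date):
    """Return copies of events with personal data masked where the rules apply."""
    cutoff = shift_months(job_date, -validate_months(months))
    result = []
    for event in events:
        event = dict(event)
        # Events with the user name "System" are left untouched.
        if event["time"] < cutoff and event["user"] != "System":
            event["user"] = MASK
            if log_type == "Login Audit History":
                event["source_ip"] = MASK
        result.append(event)
    return result

# Constructed sample events (field names are hypothetical).
SAMPLE = [
    {"time": datetime(2021, 3, 14, 9, 0), "user": "jsmith", "source_ip": "192.0.2.10"},
    {"time": datetime(2021, 3, 15, 2, 0), "user": "System", "source_ip": "192.0.2.1"},
    {"time": datetime(2024, 9, 1, 8, 30), "user": "jsmith", "source_ip": "192.0.2.10"},
]

if __name__ == "__main__":
    job = next_job(datetime(2024, 9, 29, 16, 0))   # change made on September 29th
    for row in anonymize(SAMPLE, "Login Audit History", 36, job):
        print(row["time"].date(), row["user"], row["source_ip"])
```

Because masked values cannot be recovered, running a preview like this against an export of the log is a low-cost way to confirm the cutoff before the buffer expires.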

Auditing log retention changes

The System Audit History log records each time an anonymization job runs and every change to data retention settings.