
You can track them internally (pass through in process/request flow), but have 2 versions of logs: pii and non-pii, and store pii in pii logs, with much stricter access restrictions. This alone considerably mitigates the problem, as often you don't need details like userid to troubleshoot.
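An added example, not part of the comment above: one way to implement the split it describes with Python's standard `logging` module. The field names in `PII_FIELDS`, the logger names and the random `event_id` used to join the two records are assumptions made for illustration.

```python
import io
import json
import logging
import uuid

# Assumed field names treated as PII; adjust to your own data model.
PII_FIELDS = {"user_id", "email", "ip"}


def build_logger(name, stream):
    """Create an isolated logger writing one JSON object per line to `stream`."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False  # keep PII records from bubbling up to root handlers
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger


class SplitLogger:
    """Writes each event twice: scrubbed to the general log, PII to the restricted log."""

    def __init__(self, general_stream, pii_stream):
        self.general = build_logger("app.general", general_stream)
        self.pii = build_logger("app.pii", pii_stream)

    def event(self, message, **fields):
        # Random per-event id: lets someone with PII-log access join the two
        # records without putting anything user-derived in the general log.
        # `message` must itself be a fixed string with no PII interpolated.
        event_id = uuid.uuid4().hex
        safe = {k: v for k, v in fields.items() if k not in PII_FIELDS}
        sensitive = {k: v for k, v in fields.items() if k in PII_FIELDS}
        self.general.info(json.dumps({"event_id": event_id, "msg": message, **safe}))
        if sensitive:
            self.pii.info(json.dumps({"event_id": event_id, **sensitive}))
        return event_id


def demo():
    # In production these would be separate files or sinks with different ACLs;
    # in-memory streams and the sample events below are constructed for the example.
    general, pii = io.StringIO(), io.StringIO()
    log = SplitLogger(general, pii)
    log.event("payment failed", user_id="u-1001", email="a@example.com",
              status=502, route="/checkout")
    log.event("cache miss", route="/home")
    return general.getvalue(), pii.getvalue()
```

The general log keeps `status` and `route` for troubleshooting, while `user_id` and `email` appear only in the restricted log, keyed by the same `event_id`.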


But how does that help with compliance? You can still very easily identify the data, right?


Isn't deleting the PII associated with a user id sufficient?


Often it is not because you'll likely be able to correlate.



