Organisations need to carefully consider what they log, why they log it and how they process that log data, or data derived from logs.
Where safeguarding is a priority, the temptation to “log everything, just in case” is the common default response,
but leadership and safeguarding professionals must be aware of the rights and freedoms of individuals and strike an appropriate balance between implementing controls, monitoring and logging, the real benefit towards a safeguarding outcome, and those rights and freedoms.
Nearly always, processing Internet traffic logs can reveal an individual's protected characteristics, such as sexual orientation, gender reassignment, pregnancy, religion or philosophical beliefs.
Additionally, data protection legislation defines “special category data”, which places additional protections on the processing of personal data relating to these protected characteristics and extends that protection to trade union membership, political opinions and affiliations, and health information.
Organisations should also consider that “consent” to process this personal data cannot be freely given in an unbalanced relationship, such as between a pupil / student and a school / college, or between an employee and employer, and therefore cannot be a lawful basis for processing this kind of personal data.
It is also not acceptable to take the view that “where safeguarding is concerned we will do whatever we like, as this reduces risk.”
Organisations must carefully weigh up what is necessary, appropriate and actually significantly useful for safeguarding against the rights and freedoms of individuals, and that includes the individuals being safeguarded, alongside staff, contractors, guests etc.
Types of technology logs and the protected characteristics or types of activity they can reveal:

| Organisational log type | Personal data revealed |
| --- | --- |
| Modern firewall with website categorisation and URL / SNI logging, including mobile phone data usage records | Sexual orientation; “dating” application / site use; gaming or gambling use; health data; gender reassignment; religious affiliation; political affiliation; trade union membership / affiliation; legal activity; consumption of streaming media and categorised content, with quantity and time profiling of usage; use of unauthorised cloud storage / backup / exfiltration of data; social media and communication platform use. |
| Decrypting Internet web traffic | As above, but more accurately, and additionally everything the user does on the Internet in as much detail as the organisation can store / process. |
| Web server and application server logs, including ‘mar-tech’ and CDN logs | Remote user's device and browser profile; location; commercial VPN use detection; identification of employer(s); identification of the user and other browsing history / activity. |
| Non-organisational email metadata | Sexual orientation; “dating” application / site use; gaming or gambling use; health data; gender reassignment; religious affiliation; political affiliation; trade union membership / affiliation; e-commerce activity details; financial details; indication of legal activity, or indication / content of other privileged communications; personal relationships. |
| Non-organisational email content | As for metadata, but with as much detail as the organisation can store / process. |
| Wi-Fi / network equipment logs | Device profiles for a user's devices; the user's location and location history, including guest users, and therefore who meets whom, where and for how long (for example revealing staff having sexual encounters in discreet locations, affairs, or student relationships of all kinds); detection of non-registered devices and their location and location history; users and non-registered devices / unknown users connecting to other access points / “hotspots”, including in private residences; physical location of other access points; location of remote users; who has a “hotspot” on a mobile device, with its location and location history. May lead to inference of protected characteristics. (Example: an Australian university used Wi-Fi location data to identify student protestors.) |
| DNS logs | Log all requests to map domain names to IP addresses. Sexual orientation; dating app / site use; gaming or gambling use; health data; gender reassignment; religious affiliation; political affiliation; trade union membership / affiliation; legal activity; consumption of streaming media and categorised content, with quantity and time profiling of usage; use of unauthorised cloud storage / backup / exfiltration of data; social media and communication platform use. |
| MDM system data / logs | Detailed device details; mobile network provider and settings; list of installed applications, which may reveal all protected characteristics, financial provider affiliations, messaging applications used, etc. |
| Organisational e-mail, collaboration and productivity applications (Office 365, Google Workspace etc.) data and logs, including virtual meeting logs and transcripts | All communication between a user and everyone they communicate with, internally and externally, including many protected characteristics and other special category data; working and activity patterns; location of remote users. |
| Email archive | As above, but often with a “very long” to “forever” retention period and very fast search. |
| Activity / productivity logging software | May log application use and keyboard and mouse use to track engagement with work over time; may also track other application and Internet use, revealing protected characteristics. |
| Antivirus logs | Malware / unwanted application activity on corporate devices; may lead to inferences of protected characteristics. |
| Cloud proxy / Internet security provider | As for “Modern firewall logging”; often accompanied by machine learning or AI processing, which may lead to inferences of protected characteristics. |
| Door access / access control systems | User's location and location history; overlaps of users' locations (who is meeting whom, where, for how long etc.); timekeeping. |
| CCTV | Individual location and location history; records some activities. May also include members of the public and traffic. May be used to track engagement in the workplace, break activity etc. May lead to inferences of protected characteristics. |
| CCTV with AI / facial recognition / activity recognition | As for CCTV, but with transcripts of times, locations, individuals and activities. May use ML / AI to infer protected characteristics. |
| PABX / telephone / mobile phone call log data | Communication patterns, internal and external. |
| Recording of telephone conversations | As above; additionally can reveal private, personal and protected characteristic data, especially if accompanied by automated transcription. |
| Canteen / cafe / vending machine and point of sale transaction logs | Eating patterns and behaviours, quantities consumed, vegetarian / vegan diet; may also reveal health data (eating disorders, diabetes etc.). |
In most cases these technologies and their data and logs have legitimate business purposes and potential legitimate safeguarding purposes, but the table also shows how over-collecting, or even just processing this log data individually, can easily be inappropriate or unlawful.
If you further correlate this data, that additional processing can also be inappropriate or unlawful, and bluntly: violating the rights and freedoms of people is not safeguarding them.
Organisations must comply with data protection legislation and other human rights legislation with respect to processing this data:
Just stating “we do all this for the safeguarding of ….”, or something similar, is insufficient and unlawful.
Establish the lawful basis for processing the log data, conduct realistic DPIAs, record the processing activity, set retention periods, delete data after the retention period, have policies and procedures in place for securing and accessing the data, and balance the rights and freedoms of the individuals concerned appropriately against the processing.
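As an added illustration (not the author's code or product), here is one way the data minimisation and retention steps above can be applied to firewall category logs before they are stored: only categories the DPIA found necessary are kept, the user identity is replaced by a keyed pseudonym, the URL and source IP are dropped, and expired records are purged. The key=value log format, the retained category list, the 30-day retention period and the sample lines are all assumptions constructed for this example.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample firewall log lines in an assumed key=value format (not real data).
RAW_LOG = [
    "ts=2024-03-04T09:12:01+00:00 user=alice.smith src=10.1.2.3 url=https://example-dating.test/profile/123?ref=mail cat=dating",
    "ts=2024-03-04T09:14:40+00:00 user=bob.jones src=10.1.2.9 url=https://example-cloud.test/upload/large.zip cat=cloud-storage",
    "ts=2024-01-10T17:03:22+00:00 user=alice.smith src=10.1.2.3 url=https://example-health.test/clinic/appointments cat=health",
]

# Policy inputs, assumed for the example: the categories a DPIA found necessary
# for the stated purpose (here only unauthorised cloud storage / exfiltration),
# the retention period, and a secret held apart from the log store.
RETAINED_CATEGORIES = {"cloud-storage"}
RETENTION = timedelta(days=30)

def pseudonymise(user: str, key: bytes) -> str:
    # Keyed hash: records for one person can still be linked when a specific
    # safeguarding query justifies it, but the identity is not readable from
    # the minimised log without the separately held key.
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:16]

def minimise(line: str, key: bytes) -> Optional[dict]:
    fields = dict(kv.split("=", 1) for kv in line.split())
    if fields["cat"] not in RETAINED_CATEGORIES:
        return None  # categories such as dating or health are never stored
    # The URL (hostname, path and query) and the source IP are dropped; only
    # the timestamp, category and a pseudonymous subject identifier remain.
    return {"ts": fields["ts"], "uid": pseudonymise(fields["user"], key), "cat": fields["cat"]}

def purge_expired(records: list, now: datetime) -> list:
    # Enforce the retention period: anything older than the cutoff is deleted.
    cutoff = now - RETENTION
    return [r for r in records if datetime.fromisoformat(r["ts"]) >= cutoff]

def process(lines: list, key: bytes, now: datetime) -> list:
    kept = [r for r in (minimise(line, key) for line in lines) if r is not None]
    return purge_expired(kept, now)

if __name__ == "__main__":
    key = b"example-key-held-outside-the-log-store"
    for rec in process(RAW_LOG, key, datetime(2024, 3, 20, tzinfo=timezone.utc)):
        print(rec)
```

Run as-is, only the cloud-storage record survives, carrying a pseudonym rather than a username and no URL; re-running with a later `now` purges it once the retention period has passed.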
Our Products:
Consulting: we can provide consulting services on all aspects of the topics discussed here: logging, data minimisation, effective use of logs, and compliance with relevant legislation.
Our commercial VPN blocking products include lists of hosts and domains to implement DNS blocking of these applications on a suitable DNS server and firewall deployments.
Our application control products include lists of hosts and domains to block in order to prevent access to blocked applications or services.
Our DNS control product includes lists of IP addresses to block traffic at the firewall to prevent access to common public DNS resolver services.
We can process firewall or other logs on your behalf: we can detect anomalous usage, commercial VPN usage, other (configurable) violations of policy, custom detections etc., whilst protecting the rights of the individuals and system users.
Our firewall log reporting can produce safeguarding risk scores and reasons without disclosing excessive personal data.