Companies specializing in software products and services sometimes collect information regarding the usage of their products and services. This usage information may include user information such as names and email addresses, user device data, location data, cookies, and anonymous identifiers. Information may be collected in the form of server log files and analyzed to improve existing products and services as well as to develop new offerings.
For privacy concerns and regulatory requirements, usage log data undergoes an “anonymization” process which involves modifying certain fields in the log records to reduce the likelihood of identifying users through the log files. Modified fields may include users' IP addresses and cookies. Sometimes users request that their personal information be deleted entirely from the logs of a product or service. After receiving such a request, a product or service deletes all of the requesting user's information.
Additionally, companies may occasionally receive legal hold requests for placing server log data on a legal hold, meaning that the data identified by the legal hold is relevant for a pending litigation, audit, government investigation, or other legal matter. It is important for the identified data to maintain its integrity from the date the legal hold was applied. Therefore, data identified by a legal hold should not be deleted or modified for a date range for which the legal hold is valid. For example, the legal hold may start today and last for two months. The integrity of all data within the server logs that matches the criteria of the legal hold should be preserved for the specified time period of two months. In addition to legal hold requests, a company may proactively choose to retain certain log data for internal analysis.
However, as discussed above, server log data for products and services may be subject to modification. Since data on legal hold/proactive hold is not permitted to be modified or deleted, in customary systems, a separate physical copy of the data is created for the server log data that matches the legal hold/proactive hold criteria.