Pseudonymizing Log Entries with time-selective Disclosure

Abstract

Centralized logging of entries containing personally-identifiable data, like IP addresses, is common. However, this chances that persons other than the operator of the individual server might obtain access to these logs and then disclose or use them. Additionally, the GDPR recommends as a security measure pseudonymization, i.e. splitting the information into two parts. This article describes a method to pseudonymize personal information in elements stored in a time series. After a predetermined time, the information can be automatically anonymized without requiring any changes in the stored entries themselves. Additionally, some statistical analyses remain possible, as the same values are encoded with the same pseudonym. It is also possible to disclose an arbitrary time period from within the log file: everything after the start time and before the end time can be de-pseudonymized, but the rest of the data remains anon-/pseudonymous.