Educause Security Discussion mailing list archives
network activity logging
From: Kevin Shalla <Kevin.Shalla () IIT EDU>
Date: Wed, 18 Sep 2002 09:13:25 -0500
Recently, we had a complaint about someone using one of our dial-up modems who was using threatening language in a chat room. We don't do sufficient logging to determine who it was. Is there any legal requirement to do sufficient logging, and is it advisable to do so? I remember advice (don't remember where) saying if you choose to create a policy of logging all activity that you are responsible for maintaining that, and providing access when subpoenaed, and if your policy is to not log activity you are absolved of that responsibility. What is the liability if someone on campus / accessing via a modem pool does something illegal - are we liable because we provide access, or are we liable because we don't provide information on who it was, or are we not liable? What do others do regarding this? How can we address privacy when the policy is to log activity? Kevin Shalla Manager, Student Information Systems Illinois Institute of Technology <mailto:Kevin.Shalla () iit edu> ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- network activity logging Kevin Shalla (Sep 18)
- <Possible follow-ups>
- Re: network activity logging Steve Worona (Sep 18)