Usage Log Data Management Working Group

The usage logs generated by web servers contain much data that is useful for site owners, but the current default configurations can pose a threat to the privacy of individuals, and may also present a legal risk to corporations. Specifically, the IP addresses collected by web servers are becoming increasingly easy to associate with the identity of particular individuals.

For corporations, this means that they may violate their own privacy policies by retaining portions of these logs. Left unmanaged, these logs can expose web site owners to potential lawsuits and discovery requests, and erode what privacy is left to individuals.

But today, no standard policy exists to manage the retention and eventual destruction of usage log data, and no tools exist to enforce such policies.

The goal of this all-day working group meeting is to develop a policy that organizations can use to govern their retention of usage log data, and a specification for a utility that will delete, hash, or aggregate usage log data according to this policy.

This meeting is intended for legal, technical, policy, and business practitioners who are involved with the management of web usage log data, or web usage log tools.

For further information, please contact Jeff Ubois ( .