It is necessary to review the information available in the module logs. Personally Identifiable Information (PII) that directly (explicit user personal data, financial information, etc.) or indirectly (references to files in S3 or local files containing personal information) allows the identification of a user must be removed. If removal is not possible, the information should be masked. Among the PII, the following should be removed (if applicable):
Direct Identifiers (explicitly identify an individual):
Full name
Social Security Number (SSN)
Passport number
Driver’s license number
Email address
Phone number
Physical address
Indirect Identifiers (can identify an individual when combined with other information):
Date of birth
IP address
Geolocation data
Employment information
Medical records
Financial data (e.g., credit card details)
Acceptance criteria:
All PII is not present in the module logs based on logs visual review.
It is necessary to review the information available in the module logs. Personally Identifiable Information (PII) that directly (explicit user personal data, financial information, etc.) or indirectly (references to files in S3 or local files containing personal information) allows the identification of a user must be removed. If removal is not possible, the information should be masked. Among the PII, the following should be removed (if applicable):
Direct Identifiers (explicitly identify an individual):
Full name
Social Security Number (SSN)
Passport number
Driver’s license number
Email address
Phone number
Physical address
Indirect Identifiers (can identify an individual when combined with other information):
Date of birth
IP address
Geolocation data
Employment information
Medical records
Financial data (e.g., credit card details)
Acceptance criteria:
All PII is not present in the module logs based on logs visual review.