It is necessary to review the information available in the module logs. Personally Identifiable Information (PII) that directly (explicit user personal data, financial information, etc.) or indirectly (references to files in S3 or local files containing personal information) allows the identification of a user must be removed. If removal is not possible, the information should be masked. Among the PII, the following should be removed (if applicable):

Direct Identifiers (explicitly identify an individual):

• Full name

• Social Security Number (SSN)

• Passport number

• Driver’s license number

• Email address

• Phone number

• Physical address

Indirect Identifiers (can identify an individual when combined with other information):

• Date of birth

• IP address

• Geolocation data

• Employment information

• Medical records

• Financial data (e.g., credit card details)

Acceptance criteria:

All PII is not present in the module logs based on logs visual review.