UK GDPR and Data Protection Act 2018: Primary data protection legislation in the UK that governs how personal data must be handled, including when such data appears in audit logs. Organizations must ensure audit logging practices comply with data protection principles.
Network and Information Systems Regulations 2018: Regulations that apply to operators of essential services and digital service providers, requiring appropriate security measures including audit logging capabilities.
Privacy and Electronic Communications Regulations (PECR): Regulations governing privacy in electronic communications, relevant when audit logs contain communications data or metadata.
Computer Misuse Act 1990: Legislation addressing unauthorized access to computer systems, relevant for audit logging policies in terms of detecting and preventing unauthorized access.
ISO 27001: International standard for information security management, providing framework for audit logging requirements and best practices.
PCI DSS: Payment Card Industry Data Security Standard, specifying audit logging requirements for organizations handling payment card data.
SOX Compliance: Sarbanes-Oxley Act compliance requirements, relevant for organizations needing to maintain accurate financial records and audit trails.
Financial Services and Markets Act 2000: Legislation governing financial institutions, including requirements for record-keeping and audit trails in financial transactions.
Freedom of Information Act 2000: Legislation applicable to public bodies, requiring transparency and proper record-keeping, which affects audit logging requirements.
Investigatory Powers Act 2016: Legislation governing lawful interception and monitoring of communications, relevant for audit logging of communication systems.
