04-18-2017 01:46 AM
With the new Audit logs feature in PowerBI now being open to non-US regions, can anyone advise as to the message that appears before enabling the feature, particularly with regards to EU personal data regulations, which says:
"By enabling, you agree that data collected by this feature can be stored in Microsoft diagnostic systems in the United States or other countries where we maintain facilities, including data such as IP addresses, user IDs, dates, file or item names, and details about actions taken"
Does this mean that data will be moved across regions, irrespective of whether the tenant sits within a specific region? If so, is this due to the feature being in preview, and does it contain data that would cause EU personal data regulation issues?
04-18-2017 05:03 AM
To the first question, yes. Second question, not sure if that is going to change necessarily. Third question, I am not a lawyer nor do I play one on TV, but with my understanding of the EU personal data regulations, no.
04-18-2017 11:05 PM
For detailed information about what Power BI audit logs record, you can refer to the article below:
Once you hit the search button, the search results are loaded and after a few moments they are displayed under Results. When the search is finished, the number of results found is displayed.
| Column | Description |
|---|---|
| Date | The date and time (in UTC format) when the event occurred. |
| IP address | The IP address of the device that was used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format. |
| User | The user (or service account) who performed the action that triggered the event. |
| Activity | The activity performed by the user. This value corresponds to the activities that you selected in the Activities drop-down list. For an event from the Exchange admin audit log, the value in this column is an Exchange cmdlet. |
| Item | The object that was created or modified as a result of the corresponding activity. For example, the file that was viewed or modified or the user account that was updated. Not all activities have a value in this column. |
| Detail | Additional detail about an activity. Again, not all activities will have a value. |
You can view more details about an event by selecting the event record in the list of search results. A details page is displayed that contains the detailed properties from the event record. The properties that are displayed depend on the Office 365 service in which the event occurs. To display additional details, select More information.
Here are some possible details that are displayed.
| Property | Description |
|---|---|
| Id | Unique identifier of an audit record. |
| RecordType | The type of operation indicated by the record. See the AuditLogRecordType table for details on the types of audit log records. |
| CreationTime | The date and time in Coordinated Universal Time (UTC) when the user performed the activity. |
| Operation | The name of the user or admin activity. |
| OrganizationId | The GUID for your organization's Office 365 service where the event occurred. |
| UserType | The type of user that performed the operation. See the User Type table for details on the types of users. |
| UserKey | The Passport Unique ID of the user who performed the activity. |
| ResultStatus | Indicates whether the action (specified in the Operation property) was successful or not. Possible values are Succeeded, PartiallySucceded, or Failed. |
| ObjectId | For SharePoint and OneDrive for Business activity, the full path name of the file or folder accessed by the user. |
| UserId | The UPN (User Principal Name) of the user who performed the action (specified in the Operation property) that resulted in the record being logged; for example, my_name@my_domain_name. Note that records for activity performed by system accounts (such as SHAREPOINT\system or NT AUTHORITY\SYSTEM) are also included. |
| ClientIp | The IP address of the device that was used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format. |
Based on the document, it will log some common data, but it does not mention logging personal privacy data (e.g. password, current computer information, ...), so I think you don't need to worry about privacy issues.
04-19-2017 12:02 AM
Thank you very much for the detailed response regarding the type of data within the logs. We have decided internally to trial logging and then assess what data is being presented.
Our concern, and it is something we are battling with internally, is with regard to the new EU General Data Protection Regulation and what is considered to be personal information. A line of thought is that an email address (if it can be used to identify an individual) can be considered personal data. As such, will the user ID also be considered, especially if it contains name, company domain, etc.? Data protection regulation states that aggregated data should be considered, so one piece of data may not in itself be relevant but several correlated pieces together may form personally identifiable information.
Anyway, we will take a look and make a judgement. I think region only logging should be something that Microsoft consider, as EU companies may not feel comfortable with enabling an option that exposes data outside of the EU (particularly considering the large fines that companies will face should personal data be exposed).
04-20-2017 06:07 PM
>> I think region only logging should be something that Microsoft consider, as EU companies may not feel comfortable with enabling an option that exposes data outside of the EU (particularly considering the large fines that companies will face should personal data be exposed)
Not very sure about this; I think you can contact the Power BI team and tell them about this scenario.
04-20-2017 11:49 PM
Thanks for that reply, that's good to know. I did wonder whether this was due to the feature being in preview. If you could update when you hear more, that would be great.