Logs were our lifeblood. Now they're our liability
This is an interesting post, and is an important one to think about. We need to remember that although now we've got lax data privacy / retention laws, it's only going to get more user-focused and protect everyone more (which is universally a good thing!) but that we need to make sure we're architecting things in the right way to handle this.
Also, while you're thinking about this - have a read through some production logs and wonder "what could a bad actor do with these? Could they phish a customer? Could they steal their identity? Or are these so useless that we may as well not be logging anything at all?"
Recommended read: Logs were our lifeblood. Now they're our liability https://vicki.substack.com/p/logs-were-our-lifeblood-now-theyre