AuditGuard: a system for database auditing under retention restrictions

Auditing the changes to a database is critical for identifying malicious behavior, maintaining data quality, and improving system performance. But an accurate audit log is a historical record of the past that can also pose a serious threat to privacy. In many domains, retention policies govern how long data can be preserved by an institution. Regulations like FERPA and HIPAA (in the U.S.) or the Directive of Data Protection (in the EU), require strict retention periods to be observed, mandating the disposal of past data. In addition, institutions often adopt their own retention policies, choosing to remove sensitive data after a period of time to avoid its unintended release, or to avoid disclosure that could be forced by subpeona.