this post was submitted on 18 May 2026
CanadaPolitics
Hold on - you think that not logging VPN activity is the same as not logging access to servers storing credit card numbers?
I honestly stopped reading after that.
Logs are logs. PCI has some structure to it, but it's not generally enforced. Hell, we've had cases in Canada where businesses have stored customer credit card information on Excel sheets -- NCIX in BC did this, it came to light after they sold their servers, unwiped, at auction and the new owners got the docs. There are no specific laws that say how a business needs to handle logging to servers holding credit card numbers -- there's just a PCI standard, set generally by a foreign bank consortium, which most/many small businesses ignore.
A log of someone connecting up to something like a customer portal to review their payment information/details, and basic customer information, would fall under the pending legislation. It'd also constitute 'logging' for a log-less company, generally speaking, as it's recording access to that company's services. One reason log-less companies are opposing the legislation is that it requires them to know who their customers are, and who logs in to use their services, to record some metadata about that usage, and to report that information to the authorities when required.