This policy relates to personal data, as defined by the Data Protection Act 1998, held on the Managed Web Service (MWS).
The MWS provides web servers to entitled groups that are able to write and maintain their own web pages, wish to have their own server, but are unable to run one.
There are three primary categories of logs:-
- access (login) - Typically the following information is logged: user name, address of calling site or machine, time of session.
- webserver - In common with most web sites, each site automatically logs certain information about every request made of it. The format of these logs may change from time to time, but they contain only data derived from the headers of the HTTP requests and responses.
- email - Email may be generated by several methods including CGI scripts. Typically the logs contain sender identifier, recpient address and time of message.
In addition, the computers on which the MWS is hosted keep records of attempts (authorised and unauthorised) to use them for purposes other than those described above. This data typically includes the date and time of the attempt, the service to which access was attempted, the name or network address of the computer making the connection, and may include details of what was done or was attempted to be done.
Typically logs are kept for a year in the case of web server logs and ten months in the case of system logs.
This information is used for system administration, for bug tracking, for tracing misuse and for producing usage statistics. Authorised users of individual sites have access to their site's logs. Other than in exceptional circumstances requests in connection with logs will be referred to the relevant site managers. In the case of misuse relevant information may be passed to security teams as part of an investigation. Otherwise the information is not passed to any third party except where required by law.