Why this matters
LGPD requires data minimization and security of processing; logs often persist beyond retention windows and can leak PII.
Never write raw personal data to logs. Apply irreversible masking/redaction (e.g., CPF → ..-; emails → f**@domain.com). Include the LGPD purpose in the log context and prefer structured logging.
LGPD requires data minimization and security of processing; logs often persist beyond retention windows and can leak PII.
Side-by-side examples engineers can pattern-match during review.
logger.info("login", { cpf, email, phone })function maskCPF(c){ return c.replace(/\d(?=\d{2})/g, ""); }\nfunction maskEmail(e){ const [u,d]=e.split("@"); return (u[0]||"")+"@"+d; }\nlogger.info("login", { cpf: maskCPF(cpf), email: maskEmail(email), phone: "" })logger.info("export", { email: maskEmail(user.email) })logger.info("export", { email: user.email })From the same buckets as this rule.