Limit personally identifiable information contained in audit records to the following elements identified in the privacy risk assessment: au-03.03_odp.
Limiting personally identifiable information in audit records when such information is not needed for operational purposes helps reduce the level of privacy risk created by a system.