Adhering to Privacy Laws When Preserving System History

Privacy laws worldwide restrict who may access sensitive data, such as passport numbers and email addresses, in the clear. Persisting that data to operational logs is no different. One approach is to anonymize the data before persisting it; however, anonymized logs only support technical and business investigations. Another approach is to rely on the operating system to prevent unauthorized access, using security groups or a similar mechanism. This might be the easiest way to gain compliance, but it relies heavily on human effort, and humans make mistakes. Furthermore, system administrators with root access will still be able to view the sensitive data in the clear.

Another approach is to share a symmetric key between the system doing the logging and all entities vetted for read access. In such a scheme, the application encrypts selectively before writing to the log, allowing vetted users to decrypt when required. This approach raises the usual questions of how to share the key securely for the first time and during the key rotations mandated by the organization's security policies, not to mention the security risk of so many entities holding the key.
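As an added illustration of the selective-encryption scheme described above (example code written for this page, not from the original post), the following Go program encrypts only the fields a policy marks as sensitive with AES-GCM under a shared key, leaves the remaining fields in the clear, and lets a reader holding the same key decrypt them. The field list, the "enc:" marker and the map-based record layout are assumptions; key distribution and rotation, the open questions above, are deliberately out of scope, so the key is simply passed in.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// Field names the logging policy treats as sensitive (assumed list for this example).
var sensitiveFields = map[string]bool{"passport": true, "email": true}
// newGCM builds an AES-GCM AEAD from the shared log key (16, 24 or 32 bytes).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// EncryptField seals one value and returns "enc:" + base64(nonce || ciphertext || tag).
func EncryptField(key []byte, value string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil { return "", err }
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per field
	if _, err := rand.Read(nonce); err != nil { return "", err }
	sealed := gcm.Seal(nonce, nonce, []byte(value), nil)
	return "enc:" + base64.StdEncoding.EncodeToString(sealed), nil
}
// DecryptField reverses EncryptField; the GCM tag check rejects a wrong key or a tampered entry.
func DecryptField(key []byte, field string) (string, error) {
	if len(field) < 4 || field[:4] != "enc:" { return "", errors.New("field is not encrypted") }
	raw, err := base64.StdEncoding.DecodeString(field[4:])
	if err != nil { return "", err }
	gcm, err := newGCM(key)
	if err != nil { return "", err }
	ns := gcm.NonceSize()
	if len(raw) < ns { return "", errors.New("ciphertext too short") }
	plain, err := gcm.Open(nil, raw[:ns], raw[ns:], nil)
	if err != nil { return "", err }
	return string(plain), nil
}
// ProtectRecord encrypts only the sensitive fields of a log record in place;
// the rest stay in the clear so technical investigations work without the key.
func ProtectRecord(key []byte, rec map[string]string) error {
	for k, v := range rec {
		if !sensitiveFields[k] { continue }
		enc, err := EncryptField(key, v)
		if err != nil { return err }
		rec[k] = enc
	}
	return nil
}
```

Because each field gets its own random nonce, the same email address produces a different ciphertext on every log line, so encrypted fields cannot be correlated across entries without the key.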
