The Quest for Proof: Retrieving VPN Access Records Post-Termination


  • Is it common practice for companies to destroy VPN logs, or is it possible that they are still retained somewhere?
  • Is there a possibility of recovering the connection log history from my work terminal, which was used exclusively for remote access to the company’s network?
  • Can I legally request my internet service provider to furnish records of my web history, specifically pertaining to the times I accessed the company’s VPN?
  • Are there any other methods or sources I could explore to obtain the necessary evidence for my case?
  • For

context, I am based in Canada, but the VPN server I connected to is located in the United States, and the company is regulated by both the SEC and FINRA.”


In the realm of digital communications and remote work, VPN logs serve as critical records that can validate the activity and connectivity of employees. However, the practices surrounding the retention and destruction of these logs can vary widely among companies, often influenced by internal policies, regulatory requirements, and technical capabilities.

It is not uncommon for companies to establish data retention policies that include the regular destruction of VPN logs. This is typically done for privacy reasons and to manage storage costs. However, when legal matters arise, such as disputes over wrongful termination or overtime claims, companies are generally required to preserve relevant data, including VPN logs.

Recovering Connection Logs from Work Terminals

If a work terminal was used exclusively to access a company’s VPN, it may contain residual data that could potentially reconstruct connection logs. The feasibility of this recovery depends on the terminal’s configuration and the level of logging enabled. Subpoenaing the terminal could be a necessary step, but it’s advisable to consult with a legal expert familiar with digital forensics.

Requesting Records from ISPs

Legally requesting records from your personal ISP is another avenue to explore. ISPs typically log customer activity, but the level of detail and retention periods can vary. In Canada, privacy laws may protect such information, and a court order would likely be required to obtain these records, especially if they pertain to a specific business VPN.

Alternative Methods for Evidence Gathering

Other methods to consider include:

  • Witness Testimonies

    : Colleagues or IT personnel who can attest to your work hours and VPN usage.

  • Email and Communication Records

    : Correspondence that references work completed during the disputed hours.

  • Work Product

    : Documents, files, or projects timestamped or logged within the company’s systems.

  • Cross-Border Considerations

    Given the international nature of your case, with a VPN server located in the U.S. and the company’s regulation under SEC and FINRA, it’s crucial to navigate both Canadian and U.S. laws. This may require the expertise of legal professionals versed in cross-border litigation and digital evidence.

    In summary, while companies may have policies to destroy VPN logs, exceptions are made for legal disputes. Recovering logs from a work terminal is possible but challenging, and ISP records can be requested through legal channels. Exploring all available avenues, including alternative methods of evidence gathering, is essential for building a robust case. Consulting with legal experts who specialize in digital evidence and cross-border regulations will provide the best course of action for your situation.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Privacy Terms Contacts About Us