Check out my fun paper called "Where the truth is: Logs and breach-disclosure laws" at ComputerWorld. I personally find the premise that logs help with breach notification mandates to be a perfect no-brainer, but it looks like some people consider it to be deep insight.
And, let's leave it at that: deep insight it is :-)
Key point for the impatient bunch: "... logs are essential for compliance with breach-notification laws because you know who exactly to notify. Proper log-keeping will save massive amounts of money while complying with both the letter and the spirit of this law."