Auditing without Leaks Despite Curiosity

📅 2025-05-01
📈 Citations: 0
Influential: 0
🤖 AI Summary
This paper addresses two privacy leaks in data-access auditing that an earlier formal definition of register auditability left open: a reader learning a value without explicitly reading it, and a reader learning about other readers' accesses without being an auditor. It introduces a refined auditability definition centred on when a read becomes effective rather than on when it completes and returns a value, and formally states the constraints that rule out both leaks. The main algorithmic contribution is a wait-free multi-writer, multi-reader register that tracks effective reads while preventing unauthorized audits: value access and access logging are fused into a single atomic step, so a read is auditable as soon as it is effective, and log entries are hidden from readers with a one-time pad. The construction is extended to an auditable max register, which must additionally cope with readers inferring prior values from the max semantics; the max register in turn underlies an auditable snapshot object and, more generally, versioned types, all under the strengthened auditability notion.

📝 Abstract
Auditing data accesses helps preserve privacy and ensures accountability by allowing one to determine who accessed (potentially sensitive) information. A prior formal definition of register auditability was based on the values returned by read operations, without accounting for cases where a reader might learn a value without explicitly reading it or gain knowledge of data access without being an auditor. This paper introduces a refined definition of auditability that focuses on when a read operation is effective, rather than relying on its completion and return of a value. Furthermore, we formally specify the constraints that prevent readers from learning values they did not explicitly read or from auditing other readers' accesses. Our primary algorithmic contribution is a wait-free implementation of a multi-writer, multi-reader register that tracks effective reads while preventing unauthorized audits. The key challenge is ensuring that a read is auditable as soon as it becomes effective, which we achieve by combining value access and access logging into a single atomic operation. Another challenge is recording accesses without exposing them to readers, which we address using a simple encryption technique (one-time pad). We extend this implementation to an auditable max register that tracks the largest value ever written. The implementation deals with the additional challenge posed by the max register semantics, which allows readers to learn prior values without reading them. The max register, in turn, serves as the foundation for implementing an auditable snapshot object and, more generally, versioned types. These extensions maintain the strengthened notion of auditability, appropriately adapted from multi-writer, multi-reader registers.
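The two mechanisms the abstract names for the register (fusing value access and access logging into one atomic step, and hiding log entries from readers with a one-time pad) can be illustrated with a small in-memory model. The code below is an added example written for this page, not the authors' algorithm: it is a single-process model that uses a lock for atomicity (the paper's implementation is wait-free and distributed), the pad-sharing scheme between each reader and the auditor is an assumption, and the trial-decryption the auditor uses to match pads to log entries is a toy device. It shows that a read is logged at the moment it becomes effective, that an auditor holding all pads recovers every (reader, version) pair, and that a curious reader holding only its own pad recovers nothing about the others.

```python
"""Toy auditable multi-writer multi-reader register (illustrative model,
not the paper's wait-free protocol).

Demonstrates:
  1. atomic read+log: fetching the value and appending the audit entry
     happen in one critical section, so there is no window in which a
     reader holds a value that the audit log does not yet show;
  2. one-time-pad encrypted log entries: each reader shares a list of fresh
     pads only with the auditor (assumption), so other readers can inspect
     the log but cannot tell who read which version.
"""
import os
import struct
import threading

ID_LEN = 8               # reader id, zero-padded to 8 bytes
ENTRY_LEN = ID_LEN + 8   # id || 64-bit big-endian version number


def xor_bytes(pad: bytes, data: bytes) -> bytes:
    """One-time pad: XOR with a fresh, never-reused pad (self-inverse)."""
    if len(pad) != len(data):
        raise ValueError("pad must match message length")
    return bytes(p ^ d for p, d in zip(pad, data))


def make_pads(readers, n):
    """Pre-shared pads: one per future read, generated once and handed
    out-of-band to the reader and the auditor only (assumption)."""
    return {r: [os.urandom(ENTRY_LEN) for _ in range(n)] for r in readers}


def _encode(reader: str, version: int) -> bytes:
    return reader.encode().ljust(ID_LEN, b"\0") + struct.pack(">Q", version)


def _decode(entry: bytes):
    rid = entry[:ID_LEN].rstrip(b"\0").decode(errors="replace")
    return rid, struct.unpack(">Q", entry[ID_LEN:])[0]


class AuditableRegister:
    def __init__(self, readers, pads, initial=None):
        if any(len(r.encode()) > ID_LEN for r in readers):
            raise ValueError("reader ids must fit in %d bytes" % ID_LEN)
        self._lock = threading.Lock()
        self._value, self._version = initial, 0
        self._pads = {r: list(pads[r]) for r in readers}
        self._next = {r: 0 for r in readers}
        self.log = []   # public: any reader may inspect the ciphertexts

    def write(self, value):
        with self._lock:
            self._version += 1
            self._value = value

    def read(self, reader):
        """Effective read: value and audit entry in one atomic step."""
        with self._lock:
            i = self._next[reader]
            if i >= len(self._pads[reader]):
                raise RuntimeError("out of pads: a pad must never be reused")
            self._next[reader] = i + 1
            entry = _encode(reader, self._version)
            self.log.append(xor_bytes(self._pads[reader][i], entry))
            return self._value, self._version

    def decrypt_log(self, pads):
        """What a party holding `pads` (reader -> pad list) can recover.
        The auditor holds every reader's pads; a curious reader only its own.
        Entries are matched by trial decryption in pad order (toy device)."""
        cursor = {r: 0 for r in pads}
        recovered = []
        for ct in self.log:
            for reader, plist in pads.items():
                i = cursor[reader]
                if i < len(plist):
                    rid, ver = _decode(xor_bytes(plist[i], ct))
                    if rid == reader:          # wrong pad yields garbage
                        recovered.append((reader, ver))
                        cursor[reader] = i + 1
                        break
        return recovered


def demo():
    readers = ["alice", "bob"]
    pads = make_pads(readers, n=8)             # auditor keeps all of these
    reg = AuditableRegister(readers, pads)
    reg.write("v1")
    alice_first = reg.read("alice")            # logged as soon as effective
    reg.write("v2")
    reg.read("bob")
    reg.read("alice")
    return {
        "audit": reg.decrypt_log(pads),                      # auditor view
        "bob_view": reg.decrypt_log({"bob": pads["bob"]}),   # curious bob
        "log_len": len(reg.log),
        "alice_first": alice_first,
    }


def pads_exhausted_raises():
    """Pad reuse is the one thing a one-time pad must never do."""
    pads = make_pads(["c"], n=1)
    reg = AuditableRegister(["c"], pads)
    reg.read("c")
    try:
        reg.read("c")
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```

The auditor view lists every effective read with the version it observed, while Bob's view contains only his own read even though he sees the same log. The model deliberately does not hide the log's length or growth, which is metadata a real construction would also have to consider; the abstract's wait-free protocol is where those guarantees are actually established.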
Problem

Research questions and friction points this paper is trying to address.

Refining auditability to track effective read operations
Preventing unauthorized audits and value leaks in registers
Implementing auditable multi-writer registers and versioned types
Innovation

Methods, ideas, or system contributions that make the work stand out.

Refined auditability definition focusing on effective reads
Wait-free multi-writer multi-reader register implementation
Encryption technique for secure access logging
H. Attiya
Technion, Israel
Antonio Fernández Anta
IMDEA Software Institute, Madrid, Spain
Topics: networks, distributed computing, distributed logs, crowdsourcing, network scale-up method
Alessia Milani
Aix Marseille Univ, CNRS, LIS, France
Alexandre Rapetti
Université Paris-Saclay, CEA, List, France
Corentin Travers
Aix Marseille Univ, CNRS, LIS, France