You are right and in that case you should also have a process in place to delete the PII from the additional sheets of paper. I'm inclined to keep PII out of logs in the first place but am unsure how to proceed. Either just don't log any data / parameters or implement some kind of whitelist like you would with passwords and other secrets.