April 27, 2016 at 9:54 pm
Comments posted to this topic are about the item Losing All Traces of Data
April 28, 2016 at 4:54 am
The ability to remove an individual's records is a legal requirement in the UK. It is intended for data that is inaccurate or false.
We also have the European Court of Human Rights ruling on the right to be forgotten.
Complying with the law is expensive and difficult when applied to backups. I doubt that many companies have a procedure to do this gambling on the situation never happening.
Can you imagine having to go back through the backups of a sizable data warehouse to remove records on or derived from a specific individual? Not many companies I've worked for had the mechanical capabilities required to do it. You'd have to outsource it or use one of the Big cloud vendors. Even that is fraught with legal difficulties.
Like many things, if defined as a requirement up front it is possible. As a tagged on requirement on an active system it's a nightmare
April 28, 2016 at 5:09 am
David.Poole (4/28/2016)
...Can you imagine having to go back through the backups of a sizable data warehouse to remove records on or derived from a specific individual?...
I think that many companies rely on data derived from a specific individual no longer being able to identify that individual thus no longer requiring removal for the reasons David validly specified.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 28, 2016 at 5:15 am
[Contains a spoiler for a 1994 film!!!]
Is it wrong to admit that when I saw Disclosure in the cinema I stood up and yelled "Backups, you idiot!!!" in frustration of a [fictional] IT professional not immediately thinking of live data being deleted in front of him could be retrievable from backups? It was beyond preposterous that an IT professional wouldn't immediately think of this. It was a stretch too far for me.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 28, 2016 at 5:20 am
It should be difficult to permanently delete data. It should involve more than one person (like, but less dramatic than, the two key nuclear missile launch technique). And just like backups, DR, etc., there should be a proven documented process that is regularly reviewed.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 28, 2016 at 5:37 am
David.Poole (4/28/2016)
Can you imagine having to go back through the backups of a sizable data warehouse to remove records on or derived from a specific individual?
I have always wondered how this is handled, e.g. if somebody had their DNA data put on the DNA database erroneously, and they win a legal battle to have their data removed, will the police (or whoever) honestly restore all their old backups and expunge the data from them? I doubt it.
April 28, 2016 at 5:38 am
I'm always ranting at the TV about backups too, Gary :-D.
April 28, 2016 at 6:36 am
Beatrix Kiddo (4/28/2016)
I'm always ranting at the TV about backups too, Gary :-D.
Same here.
April 28, 2016 at 6:39 am
I can't imagine having all backups online to be tampered with, even put under ransomware. If backups are kept current, why is ransomware even a problem?
April 28, 2016 at 6:41 am
David.Poole (4/28/2016)
The ability to remove an individual's records is a legal requirement in the UK. It is intended for data that is inaccurate or false.We also have the European Court of Human Rights ruling on the right to be forgotten.
Wow, how is this even possible? One would think you would have to restore the backup, remove the data, and then back it up again, hoping nothing else happened to the data during that time.
April 28, 2016 at 6:52 am
The "Right To Be Forgotten" is an interesting legal concept. Not only is it technically and logistically impossible, but apparently it doesn't apply equally to all individuals (ie: regular folks would be granted more liberty in terms of forgottenness (*) than politicians and celebrities which seems inconsistent with legal egalitarianism. Another problem is that so long as folks remember the person or event in question, it will constantly be reintroduced into the digital records.
* http://www.collinsdictionary.com/dictionary/english/forgottenness
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 28, 2016 at 7:46 am
Gary Varga (4/28/2016)
[Contains a spoiler for a 1994 film!!!]Is it wrong to admit that when I saw Disclosure in the cinema I stood up and yelled "Backups, you idiot!!!" in frustration of a [fictional] IT professional not immediately thinking of live data being deleted in front of him could be retrievable from backups? It was beyond preposterous that an IT professional wouldn't immediately think of this. It was a stretch too far for me.
Given the number of 'my DB is corrupt and I have no backups' posts we get here, it's entirely believable 🙂
April 28, 2016 at 8:10 am
Iwas Bornready (4/28/2016)
David.Poole (4/28/2016)
The ability to remove an individual's records is a legal requirement in the UK. It is intended for data that is inaccurate or false.We also have the European Court of Human Rights ruling on the right to be forgotten.
Wow, how is this even possible? One would think you would have to restore the backup, remove the data, and then back it up again, hoping nothing else happened to the data during that time.
It's a BS requirement made to sound good that really does and means nothing.
April 28, 2016 at 8:14 am
In keeping with the movie and TV references, the series Mr. Robot did a realistic take on this. A fair amount of the dialogue had the characters considering that the data deletion had to affect (or prevent) the backup replication to a 2nd backup site (in China, I think) and would become unreachable, implying offline storage.
So, realistic scenarios are possible if the writers do their research.
April 28, 2016 at 8:15 am
I think of the same thing when people try to remove all traces of information from the internet. That data may be gone from view today but it is on a server backup, maybe more than one, and can be retrieved by someone that wants it bad enough. Even something posted on a site that claims it is erased after a short period. If it exists digitally it can be copied and saved even if it existed for a short period.
Viewing 15 posts - 1 through 15 (of 32 total)
You must be logged in to reply to this topic. Login to reply