May 15, 2012 at 3:24 pm
Lynn Pettis (5/15/2012)
L' Eomot Inversé (5/15/2012)
Revenant (5/14/2012)
It depends. 🙂You do not have to delete data, you can mark rows as inactive or obsolete, which of course allows undo.
I think that by the time the next version of SQLS hits the market (2015?), no-deletes and behind the scenes cloning of SQLS VMs will be common practice.
I admit that I am probably biased, because I am on BI and OI and data are facts for posteriority and we only seldom delete data.
I guess you would find working with EU data protection law would give you fits! 😛
There is an absolute necessity to be able to delete things for real (that means irreversibly render them invisible/inaccessible, even by physical analysis of the media with full knowledge of all formats and full access to any keys necessary for decryption of the data) if the data is personally identifiable (ie refers to a specific person, who may be identified from the data, perhaps in conjunction with other data). This probably means that "retained for ever" backups, when they contain data about an identifiable person, are illegal. That hasn't been tested in court (yet) - several EU countries are pushing for a change in the law to make it absolutely clear that such backups are always illegal, several others are saying no change is needed because the current law makes them clearly illegal, while others are horrified at some of the proposed changes. A lot of things you wouldn't expect count as identifying a person: an IP address and date and time often counts as identifying a person; so does something which may not on its own dirctly identify a person but might if taken together with other data which has a reasonable possibility of being/becoming visible/accessible to the person who sees/accesses the data - those examples have been tested in court.
Curious, does the retention period for Personally Identifiable information conflict with the requirements for the retention of other information, such as financial information? If financial information must be retained longer the PI information, what does the law say?
Do the people making and passing these laws even know how technically infeasible it is to selectively delete information from a backup file?
The answer to your second paragraph is easy: some of them haven't a clue, others know how to do it (it isn't actually difficult: restore, do required deletion, make new backup, validate new backup, destroy old backup), and yet others don't care (because they are pig-ignorant vandals and proud of it, ie typical politicians).
The two questions in your first paragraph are a bit harder. In principle, the answer to the second one is straightforward -the requirement to delete data doesn't apply to data which is required by law to be retained; but there is a complication: the judiciary (ultimately, the ECJ) can strike down any part of a law that requires (or permits) retention (or processing without the informed consent of the data subject - has to be opt-in, not opt-out) unless the retention (or processing) is necessary for the achievement of the objective of the law (that inludes a requirement that there is no reasonable method of achieving the objective without retaining the data), the objective is one that is appropriate in a democratic society, and the damage to the data subject's (or subjects') rights is less than the damage of not achieving that objective (all that is usually abbreviated to "necessary and proportionate"). That of course means that it is recognised in law that the two requirements will sometimes conflict, and there are criteria by which the judiciary can determine which requirement overrides the other.
A lot of this of course is a result of the ECHR being interpreted more and more stupidly by more and more liberals and more and more bureaucrats, sometimes with the assistance of the judiciary, and these stupid interpretaions being incorporated into law (whether as case law - binding precedent - or as legislated law).
Of course the pig-ignorant vandals are pressing for more "rights" to be recognised, without any corresponding responsibilities or duties. That kind of pseudo-liberal we will always, unfortunately, have with us. We have idiocies like proposals for an "absolute right to be forgotten" which means, for example, that someone serving a prison sentence for rape or for murder of juveniles can demand that the fact that he is doing so is not recorder anywhere the ordinary public could access it, and that the information should not be available to any potential employer - not even to a school board.
But what do you expect of politicians? Or indeed of bureaucrats- the Commission of the European Communities of course consists of senior ex-politicians, effectively king-size bureaucarats who employ a vast army of senior bureaucrats which in turn employs a vast army of not so senior bureaucrats. It spends a vast amount of money and it has never in all the decades of its existence managed to persuade its auditors to sign off its annual accounts.
Tom
May 15, 2012 at 3:35 pm
Brandie Tarvin (5/15/2012)
Tom,Does EU data protection laws define a difference between sensitive information and personal indentifying information?
Yes. personally identifiable information may be sensitive or not; the rules if it's sensitive are much the same as if it's not, but the penalties for breaking them may be heavier and the judiciary, when determining whether something is "proportional", place a greater weight on handling sensitive information than on non-sensitive information.
Sensitive information which is not personal information is of course protected by completely different laws (in the UK, by the Official Secrets Act, for example). In USA terms I guess it's the difference between a matter of Homeland Security and a matter of Civil Rights.
Tom
May 15, 2012 at 3:45 pm
Stefan Krzywicki (5/15/2012)
L' Eomot Inversé (5/15/2012)
I guess you would find working with EU data protection law would give you fits! 😛There is an absolute necessity to be able to delete things for real (that means irreversibly render them invisible/inaccessible, even by physical analysis of the media with full knowledge of all formats and full access to any keys necessary for decryption of the data) if the data is personally identifiable (ie refers to a specific person, who may be identified from the data, perhaps in conjunction with other data).
Does obscuring the data so it is no longer attributable to a specific inividual satisfy the requirements?
Yes, but in fact it is much harder to do that successfully than you might think. Several people have successfully identified people from what was claimed to be thoroughly anonymised data. I think Ross Anderson has some papers on the topic, and I know there are several Americans who have published on this. But I no longerkeep track of the literature (all I do now is read what turns up on Outlaw or on The Reg, and follow the UK Cryptography list), because I no longer have to worry about data protection; so I can't provide links to any of the research.
Tom
May 15, 2012 at 4:02 pm
Lynn Pettis (5/15/2012)
There was a recent thread where the OP wanted to return the difference between two date/time values as hh:mm:ss. Does anyone remember this thread?
Yes. Why?
--Jeff Moden
Change is inevitable... Change for the better is not.
May 15, 2012 at 4:14 pm
Jeff Moden (5/15/2012)
Lynn Pettis (5/15/2012)
There was a recent thread where the OP wanted to return the difference between two date/time values as hh:mm:ss. Does anyone remember this thread?Yes. Why?
Finding some code similar here at work and want to compare my rewrite of it to what was posted here on ssc.
May 15, 2012 at 4:41 pm
L' Eomot Inversé (5/15/2012)
. . . In USA terms I guess it's the difference between a matter of Homeland Security and a matter of Civil Rights.
Plus a few laws, such as Sarbannes-Oxley, that are telling you how long companies, especially the publicly traded ones, have to keep every record. Which is what I was driving at with my remark about the legal duty to keep every e-mail for at least 7 years. You may think you deleted it but it only got moved into a folder you do not see. Similarly, in the finance systems, you never delete anything, you make a correction and the original record (row) is still kept.
Therefrom my observation that I see less and less need to delete anything.
May 15, 2012 at 6:29 pm
Jeff Moden (5/15/2012)
Lynn Pettis (5/15/2012)
There was a recent thread where the OP wanted to return the difference between two date/time values as hh:mm:ss. Does anyone remember this thread?Yes. Why?
Lynn - I believe that I do too. Here's one but it's probably not the one you're thinking of.
http://www.sqlservercentral.com/Forums/Topic1298741-338-1.aspx#bm1300475
My thought question: Have you ever been told that your query runs too fast?
My advice:
INDEXing a poor-performing query is like putting sugar on cat food. Yeah, it probably tastes better but are you sure you want to eat it?
The path of least resistance can be a slippery slope. Take care that fixing your fixes of fixes doesn't snowball and end up costing you more than fixing the root cause would have in the first place.
Need to UNPIVOT? Why not CROSS APPLY VALUES instead?[/url]
Since random numbers are too important to be left to chance, let's generate some![/url]
Learn to understand recursive CTEs by example.[/url]
[url url=http://www.sqlservercentral.com/articles/St
May 15, 2012 at 6:56 pm
dwain.c (5/15/2012)
Jeff Moden (5/15/2012)
Lynn Pettis (5/15/2012)
There was a recent thread where the OP wanted to return the difference between two date/time values as hh:mm:ss. Does anyone remember this thread?Yes. Why?
Lynn - I believe that I do too. Here's one but it's probably not the one you're thinking of.
http://www.sqlservercentral.com/Forums/Topic1298741-338-1.aspx#bm1300475
You were right, it wasn't the one I was thinking of. The one I'm looking for actually had the calculations for hours and minutes in it. This one didn't, unless I overlooked it.
May 15, 2012 at 8:04 pm
Chad Crawford (5/14/2012)
Wahoo! Just got a note stating that Jason is teaching our users group meeting today. Unfortunately, I'll be the guy that shows up late and has to leave early (please don't be offended), but I'll be there!Chad
Thanks for being there.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
May 15, 2012 at 8:06 pm
Chad Crawford (5/15/2012)
Chad Crawford (5/14/2012)
Wahoo! Just got a note stating that Jason is teaching our users group meeting today. Unfortunately, I'll be the guy that shows up late and has to leave early (please don't be offended), but I'll be there!Chad
Jason did well. I caught the beginning, but had to miss the wrap-up. Good luck in Boston Jason!
Chad
All too kind. Wish we had time to chat before/after the meeting.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
May 15, 2012 at 8:07 pm
GilaMonster (5/15/2012)
Evil Kraig F (5/15/2012)
@Gail: Was being a wise-arse, thought I'd get a laugh, not boggling confusions... :hehe:Yeah, i figured as much, knowing you.
And for the record... still waiting.
OK - what are you nervously waiting for?
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
May 15, 2012 at 10:13 pm
SQLRNNR (5/15/2012)
GilaMonster (5/15/2012)
Evil Kraig F (5/15/2012)
@Gail: Was being a wise-arse, thought I'd get a laugh, not boggling confusions... :hehe:Yeah, i figured as much, knowing you.
And for the record... still waiting.
OK - what are you nervously waiting for?
I'm curious about what you're waiting for also... you shot down my guess also.
Wayne
Microsoft Certified Master: SQL Server 2008
Author - SQL Server T-SQL Recipes
May 16, 2012 at 2:45 am
Revenant (5/15/2012)
L' Eomot Inversé (5/15/2012)
. . . In USA terms I guess it's the difference between a matter of Homeland Security and a matter of Civil Rights.Plus a few laws, such as Sarbannes-Oxley, that are telling you how long companies, especially the publicly traded ones, have to keep every record. Which is what I was driving at with my remark about the legal duty to keep every e-mail for at least 7 years. You may think you deleted it but it only got moved into a folder you do not see. Similarly, in the finance systems, you never delete anything, you make a correction and the original record (row) is still kept.
Therefrom my observation that I see less and less need to delete anything.
Not too diferent from here in terms of legally mandated retention. Anything that is relevant to taxation has to be kept for a minimum of 6 years (some corporate stuff for longer). Anything reating to corporate governance for 7 years, I think. And then there is the issue of consent - if you want to run a bank account with have a large overdraft facility, you consent to the bank keeping and processing your personal data which is relevant to that (which means effectively for at least 6 years after the end of the tax year in which you shut down the account, since the IR may be interested in the account details the bank has to retain them for at least 6 years) or you do without.
Things are not unreasonable here, in fact, although there are people who are trying to make them so, and although data protection law when first introduced came as a shock to people who had decided not to organise separation of different types of data in such a manner that true deletion could be achieved where needed (usually because they thought it would be cheaper to keep everything, even given the storage costs, which certainly implies that they used an inferior grade of tea-leaf readers, but sometimes so that they could use the data to generate massive amounts of paper spam, or sell it to crooks who could use it to assist in "identity theft").
Tom
May 16, 2012 at 6:14 am
L' Eomot Inversé (5/15/2012)
We have idiocies like proposals for an "absolute right to be forgotten" which means, for example, that someone serving a prison sentence for rape or for murder of juveniles can demand that the fact that he is doing so is not recorder anywhere the ordinary public could access it, and that the information should not be available to any potential employer - not even to a school board.
We have the "right to be forgotten" movement going on in the States too, but I don't think it's gotten to that extreme. Of course, I've been too busy with other things to pay attention to all the nitty-gritty details.
May 16, 2012 at 6:34 am
Brandie Tarvin (5/16/2012)
L' Eomot Inversé (5/15/2012)
We have idiocies like proposals for an "absolute right to be forgotten" which means, for example, that someone serving a prison sentence for rape or for murder of juveniles can demand that the fact that he is doing so is not recorder anywhere the ordinary public could access it, and that the information should not be available to any potential employer - not even to a school board.We have the "right to be forgotten" movement going on in the States too, but I don't think it's gotten to that extreme. Of course, I've been too busy with other things to pay attention to all the nitty-gritty details.
So...you forgot about it? :hehe:
---------------------------------------------------------
How best to post your question[/url]
How to post performance problems[/url]
Tally Table:What it is and how it replaces a loop[/url]
"stewsterl 80804 (10/16/2009)I guess when you stop and try to understand the solution provided you not only learn, but save yourself some headaches when you need to make any slight changes."
Viewing 15 posts - 36,106 through 36,120 (of 66,712 total)
You must be logged in to reply to this topic. Login to reply