My Photo

Your email address:


Powered by FeedBlitz

April 2018

Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          
Blog powered by Typepad

Become a Fan

« Information Incontinence | Main | Virtual Reality: There Is No Place Like Home »

January 05, 2008

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Brian

Re: With all the countless copies of data being made, how can one be sure it is ever all deleted anyway?

Yeah, this is a hard problem. Encrypting data at rest can provide a small part of one possible solution. It reduces the volume of data you need to dispose of. Instead of needing to track down every backup tape, you can just destroy the keys you need to encrypt the tape.

Álvaro Del Hoyo

Jeff,

These are the main facts, goals in my opinion you are dealing with data decommission:

a) Data to keep and data to be trashed, decommissioned are living together in data storage resources (hard disks and back up assets).

[QUESTION: Will your technology solved the problem of data to be erased while they are kept in "cold" back up assets? Will your technology immediately and on the fly erase those data in case recovery process has to be performed using "cold" back up assets?

b) Structured and unstructured data are living together. Data to be be kept and data to be decommissed could be part of an unstructured document i.e., personal data included in a text processor application based register

c) According to European Privacy Directive personal data should be cancelled when they are not needed anymore which means that access to data is blocked while they are not necessary (in your scenario, project closing date), but data should be accessible in case they are needed (in your scenario, eventual trial, evidence of tax obligations,...).

After all these terms while you are obliged by law (including terms while obligations fulfillment could be asked by any of the parties of an agreement data) or voluntary agreements to keep information, blocked data (reversible access in case is needed) should be definitely decommissed, deleted unless anonymization is applied on personal data, so neither you nor any third party could identify people behind the anonymized data under reasonable term and efforts.

Bearing in mind, that anonymization is exactly what re-identification researchers have demonstrated is far from being achieved and is becoming more difficult every day due to amount of data being provided publicly by human beings and included in public data bases or easy and cheap to access data bases, as long as processing and storing technology improvements (33bits.org, Paul Ohm,...)

d) Legal terms that are forcing you to maintain data for different purposes, mainly always as evidence of obligation fulfillments, are spread over many different laws and jurisdictions.

e) Furthermore, on unstructured data you could find yourself in a situation that you should indefinitely preserve information for i.e. statistical or Historical purposes, but at the same time removing some personal data and personal identifiable information (note that according to re-identification researchers all data could be considered personal identifiable information)

My conclusion is that:

If anonymization is quite difficult to achieve, or it is something that could be reversed in a short or medium term i.e. people could be re-identified, or apparently it is even impossible to reach, anonymization can not be an option as decommission substitute, which means decommission, securely erasure of data should be the unique rule, the exclusive option.

If there are no standardized terms during which decommission is mandatory (specially if you are a global player) and data to keep/data to be erased are cohabiting on unstructured documents and/or storage resources, being a medium human being without advanced technological knowledge I do not see how technology could secure and irreversibly delete certain and determined data out from a huge data spectrum where some other data have to be preserved

Looking forward to be surprised ;-p

Thanks for all your knowledge sharing and privacy by design researching (protecting not only privacy, as other civil liberties and fundamental rights).

Regards

COLD-FX

COLD-FX has helped both specialist and novice sportsmen continue to be active and healthy, as well as celebrate its 20th Anniversary this tumble, COLD -FX is saluting our countrywide passion for hockey. But there's no requirement to look from the skates or best your slap picture. Just flexible increase your fingertips for that COLD-FX Desk Ice hockey Tournament, occurring in October in a number of key centres all over Canada - Vancouver, Halifax, Edmonton and Toronto. Browse the website at www.cold-fx.ca for particulars on a gathering close to you. As well as, all hockey supporters can observe having a Particular COLD-FX 20th Anniversary Version DVD of Rock'em Sock'em Ice hockey, offered totally free with buying specifically labeled bundles of COLD-FX 60's. Kitchen table hockey, a greatest hits DVD and COLD-FX - it's the supreme head wear strategy for ice hockey fans from shoreline-to-coast.

The comments to this entry are closed.