I don’t consider an issue solved until there are commodity implementations of the solution. Right now there are bespoke backup systems that can do per-record deletion and lots of orgs are relying on maximum retention policies to do ensure deletion on “traditional” backup systems. Until off-the-shelf backup software like Veeam and Borg can handle the use-case it will always be an option only if you have a staff of developers instead of an IT staff.
Across the US, courts require data to be hard-deleted in cases of, for example, the expungement of a juvenile’s criminal record. This is a technical problem faced by all courts. Are you suspecting that courts are not taking backups, or that they are not properly wiping expunged records from their backups, or that courts employ developers that build bespoke backup pruning systems?
Data retention and deletion are opposites. It's practically impossible to get both right. It's a target that you have to hit exactly, and being extra good at one makes you worse at the other.
Spivak|5 years ago
gkop|5 years ago
alisonkisk|5 years ago