"legal obligation to delete" in the Cloud
Saqib Ali 2700018529 Visits (994)
David Navetta, Esq. CIPP, has published an interesting blog post on the topic of Legal Implications of Cloud Computing.
Mr. Navetta emphasize the need to understand the increasingly complex and interlocking relationships in the Cloud:
The blog post also highlights the need for proper data retention and destruction policies.
My thoughts on Legal Obligation to Delete:
Internet has created a world where "absolute destruction" of data is not easy to achieve. Even when the services are hosted in-house, this type of data destruction is not possible. There could be replicas, backups, off-site backups, DR backups, user created offline replicas, user archives and even printed copies.
I think what is a more achievable is delete in context. Data that loses its context, loses its meaning and is not of much use. So going back to Cloud Services, when I delete an email from my SaaS powered Inbox, the SaaS provider may still have some residual "Sharded" copies of the data. But these residual copies have completely lost their context. And as you traverse down the layers of Cloud Service aggregators (Saas –> PaaS –> IaaS), this residual data becomes more and more meaningless. Re-animating an email from this sharded residual data would be like trying to re-construct a needle by searching for its pieces in a haystack! :-)