IBM Support

Using IBM Spectrum Protect to support GDPR compliance strategies

Question & Answer


Question

How can IBM Spectrum Protect™ functions support GDPR compliance strategies?

Answer

The General Data Protection Regulation (GDPR), effective as of 25 May 2018, is designed to harmonize data privacy requirements across the European Union (EU). For more information about GDPR, see the Data Protection in the EU website.

You can use previously available features of IBM Spectrum Protect and enhancements that are delivered with IBM Spectrum Protect Version 8.1.5 to help you manage your storage environment to support compliance strategies for GDPR.

IBM Spectrum Protect can help support compliance with the following GDPR requirements:


_______________________________________________________________________________________________________

GDPR Article 17, Right to erasure ('right to be forgotten')

With IBM Spectrum Protect, you can delete object data from the server or client node systems. You can also prevent specified users or administrators from accessing objects.

Table 1 describes the object deletion and object access removal features of IBM Spectrum Protect that can help support compliance with GDPR Article 17.

Important: You must have the authority to delete objects. Users and server administrators with the relevant access permissions can still retrieve and access previously deleted object, node, or file space data.

Table 1. IBM Spectrum Protect object deletion and object access removal capabilities

IBM Spectrum Protect featureRelevant command or actionCharacteristics relevant for supporting compliance with GDPR Article 17
Delete user object data from a client node.
Backup-archive client command:
delete backup

Example:
delete backup c:\personal\* -deltype=all
With the IBM Spectrum Protect delete backup command, you can delete objects and remove object access from a client node.

Result:
  • User object data is removed from the client node.
  • Object access is removed from the client node user.

Important: Users with access permissions for restoring object data from a backup server copy can still retrieve the object data.
Delete user object data and file spaces from the server manually.Server commands:
DELETE FILESPACE
UPDATE FILESPACE

Backup-archive client commands:
delete backup
delete archive

Example:
delete backup c:\personal\* -deltype=all

This is relevant for client Application Programming Interface (API) applications; however, the method varies. For more information about API applications and the IBM Spectrum Protect backup-archive client, see API.

With the delete backup command, you can delete files, images, and virtual machines that were backed up to IBM Spectrum Protect server storage.

You can track deletions from a sequential storage pool volume by running the UPDATE FILESPACE command and specifying REPORTDELETES=VOLUMES.

When you delete files, the IBM Spectrum Protect server processes all of the backed-up files that meet the filespec and deltype options that are specified and deactivates them.

The server also assigns a deactivation date of infinite-minus so that the files are no longer available for restore and are purged immediately on the subsequent run of file expiration. The file is not physically removed until the expiration process runs.


Result:
  • User object data and file spaces are removed from the server.
  • Object access is removed from the backup administrator for the client node.

Important: Administrators can still access previously deleted object data by restoring the IBM Spectrum Protect server database.
Delete user object data, nodes, and file spaces from the server automatically.Server commands:
EXPIRE INVENTORY
UPDATE FILESPACE

Backup-archive client actions:
Incremental and selective backup operations
You can delete objects from the server automatically by issuing the EXPIRE INVENTORY command and specifying RETONLY and RETEXTRA policy attributes from the management class. By using the policy attributes, you can specify the number of days to retain the object data before the data is deleted from the server.

You can track deletions from a sequential storage pool volume by running the UPDATE FILESPACE command and specifying REPORTDELETES=VOLUMES.

On the backup-archive client, you can delete object data on the client node manually, and then run incremental or selective backup operations.

Result:
  • User object data, nodes, and file spaces are removed from the server.
  • Object access is removed from the backup administrator for the client node.

Important: Administrators can still access previously deleted object data by restoring the IBM Spectrum Protect server database.
Delete user object data from server backup media.Server commands:
RECLAIM STGPOOL
MOVE DATA
UPDATE FILESPACE
If you cannot access object data by using standard methods, access to server database backup media is required. To gain access to client node objects, you can restore server databases to a previous point in time.

For storage pool volumes and server database backup volumes, you can issue the RECLAIM STGPOOL or MOVE DATA commands to prevent access to deleted object data.

You can track deletions from a sequential storage pool volume by running the UPDATE FILESPACE command and specifying REPORTDELETES=VOLUMES.

Result:
  • File spaces and volumes are removed from the server backup media.
  • Object access is removed from the server backup administrator.

Important: Server administrators can still access previously deleted node or file space data until the database backup copies on the IBM Spectrum Protect server are removed.


_______________________________________________________________________________________________________

GDPR auditing

If data deletions occur, GDPR Article 17 requires that affected file spaces are updated to report the deletion. With IBM Spectrum Protect V8.1.5, the undocumented REPORTDELETES parameter can be specified for the UPDATE FILESPACE command to track object deletions from the file space.

To facilitate a compliance audit for GDPR Article 17, IBM Spectrum Protect V8.1.5 server provides the following information message when an object is deleted from the server database.

"ANR3297I Objects were deleted from volume <<volume name>>, node <<node name>>, and file space <<filespace>>."

Example: ANR3297I Objects were deleted from volume STGVOL01, node joe, and file space \\joe\c$.

To track the object deletions, you must update the file space attribute to specify the REPORTDELETES parameter.

Syntax:
UPDate FILespace REPORTDELETES= VOLumes

* >--+--------------------------------------------+--------><
* `-REPORTDELETES--=--+-None---------+-'
* '-VOLumes---'

VOLumes
Specifies sequential storage pool volumes from which objects are deleted. When one or more objects are deleted from the IBM Spectrum Protect server database as part of a node or file space deletion operation, the information message "ANR3297I" is issued and written to the activity log.

None
Specifies that messages will not be issued. This is the default value.

_______________________________________________________________________________________________________

GDPR Article 32, Security of processing

IBM Spectrum Protect provides functions to help support the following GDPR privacy requirements as outlined in GDPR Article 32, "Security of processing":
  • Encryption at rest
  • Transport Layer Security (TLS) session handling

With the IBM Spectrum Protect server, you can use container pool encryption to encrypt all or part of the personal data that is stored on your systems. You can also use TLS-enabled sessions to help secure data communications.
_______________________________________________________________________________________________________

GDPR Articles 33 and 34, Notification and communication of a personal data breach

GDPR Article 33, “Notification of a personal data breach to a supervisory authority," and Article 34, “Communication of a personal data breach to the data subject,” provide regulations for breaches of personal data.

To help support compliance with these articles, you can use the REPORTRETRIEVE option on the IBM Spectrum Protect server to log client restore or retrieve requests that are performed by client nodes or administrators. Event logging features provided by IBM Spectrum Protect enable you to log events for a given node name.


REPORTRETRIEVE option

Syntax:

>>-REPORTRETRIEVE--+-YES-+-------------------------------------><
'-NO--'

YES
Specifies that messages will be issued to the server console and stored in the activity log whenever files are restored or retrieved from the IBM Spectrum Protect server. The messages will specify the name of the objects being restored or retrieved and identify the client node or administrator performing the operation.

NO
Specifies that messages will not be issued.

Example: If the REPORTRETRIEVE option is set to YES, the following information message is issued and stored in the activity log when files are restored to or retrieved from the IBM Spectrum Protect server:

"ANR0411I Session 8 for administrator COLIND-TUC logged in as node COLIND-TUC restored or retrieved Backup object: node COLIND-TUC,
filespace \\colind-tuc\c$, object\CODE\TESTDATA\ XXX.OUT"

For more information about the REPORTRETRIEVE option, see REPORTRETRIEVE.

Event logging features

IBM Spectrum Protect event logging features enable you to log events for a given node name. For example, for events such as restore or retrieve requests, the information message "ANR0411I" is logged for further processing, if required. For events such as an object deletion from the server database, the "ANR3297I" message is logged.

You can use the following server commands for event logging:
  • To enable (and disable) server or client events for logging, use the ENABLE EVENTS and DISABLE EVENTS commands.
  • To begin (and end) logging events to one or more receivers, use the BEGIN EVENTLOGGING and END EVENTLOGGING commands.

For more information about event logging, see the following topics:

[{"Product":{"code":"SSEQVQ","label":"IBM Spectrum Protect"},"Business Unit":{"code":"BU010","label":"Systems - Storage"},"Component":"Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"Version Independent","Edition":"All Editions"}]

Document Information

Modified date:
17 June 2018

UID

swg22014168