Should Data Just Fade Away?
from the sometimes-yes,-but-often-no dept
Michael Scott points us to a report suggesting that one way to deal with the privacy issues of data stored online is to set up databases that automatically have plans to let data “fade away” over a certain period of time. Of course, I’m not sure what’s particularly new or unique about this. Lots of companies have systems in place to purge types of data after it reaches a certain age. Most companies have log files that delete after 6 or 12 months or whatever. The other issue, of course, is that with new data retention laws in place, many companies are forced by the government to retain certain types of data. And, finally, even if you plan for certain data to be deleted, there’s not necessarily a guarantee that it actually has been deleted.
Filed Under: data, data retention, privacy
Comments on “Should Data Just Fade Away?”
for the rest of the world, its called a data retention policy. after x months / years, delete data. as companies are required to keep information for tax purposes for a long time (years), it is likely that customer data would have to be retained in some form for a similar period of time.
I think such plans do little to help protect privacy and it can serve to distort history and make it more difficult for future generations to learn about past generations.
Backup Tapes. They’ll never get ALL the backup tapes!!
(the little sods breed in the dark… I’ve seen them)
Get rid of the SSN as a security identifier. Would be the best thing possible for privacy. Of course it would also be very expensive for every company in the States to implement.
And then use what? Wouldn’t the new identifier end up being the same old problem? Would you like to be writing a 36 character GUID onto all government forms?
The identifier being used is not really the problem. The problem is the misuse of the identifier as a was to ensure you are who you say you are and then the lack of a system to check what your identifier is being used for.
Re: Re: Re:
I agree with you 100%. Another issue is the fact that practically anyone can get a driver’s license (hell, you can practically get one out of a cracker jack box) and the fact that that is used to open a bank account, get a cell phone, etc. All these IDs are being used for the most ridiculous things, none of which really coincide with their intended uses.
Storage is finite other than that, there is a reason we forget things, if we don’t forget anything every time some one do something wrong we wouldn’t as a group be able to function, some people don’t know the meaning of the word’s second chance and forgiveness.
Also laws should be forgotten if they are not used, we live in a dynamic society and if there are laws that no one uses or cares why should they stay in the books forever?
Medical Records are required by the government to be retained for life, and not the life of the patient, but for ever.
How is this going to work?
The raw history of the world is now in data banks what should we do with that?
Re: Medical Records
On the other hand I can see archaeological value for medical records and some useful things people can do with them, like mapping medical conditions along with environment parameters can yield clues as to what affects people in a certain region and could be used to tell you how much of a chance you could get pulmonary cancer for example.
I know those things will get abused, but I think society should stand and fight for it not to be abused.
Some imagination ppl...
I haven’t read the source article and somebody cleverer than me would have to realise it but didn’t the words “Fade Away” get anyone else’s imagination firing?
What if a database could ‘forget’ data using various criteria like time, sensitivity, legal requirements etc. distilling it as it goes.
Not making a call on whether this is good bad or ugly but it would certainly be an interesting academic exercise.
The responses so far seem way too black and white for an article whose title implies shades of grey.
Might not work on some data
I don’t think this will work on all data. As someone has mentioned, medical files should be retained for life. A solution to this is to keep all secured data on a different drive–one that is not accessible on the internet but only within the company. Information with sensitive nature should never be released into the internet anyway.
Oh…and probably better security.
“And, finally, even if you plan for certain data to be deleted, there’s not necessarily a guarantee that it actually has been deleted.”
Agreed. Forensic toolkits anyone? If the DB is going to “delete” information, short of destroying the storage device the data is on, its going to take additional steps to make sure that the data is gone for good. The DoD and Gutman (spelling?) standards come to mind…
It just seems like a lot more effort than a company is probably willing to spend to adequately delete data.
Kind of reminds me of a proposed French law
The notion reminds me of a law they were thinking about in France a few months ago, a “Right to Forget” law: http://news.bbc.co.uk/2/hi/programmes/click_online/8447742.stm