|Title||Delete Means Delete|
|Summary||When a file (or other data object) is deleted by a system or user action, no copy of the deleted data SHOULD be kept longer than 90 days.|
Recommended by the University of Washington (what does this mean?)
|Date reviewed||January 2016|
|Source||Chief Technology Officer|
Many systems implement "safety net" copies of data that is deleted (aka snapshots). This copy of deleted data can provide fast, simple, and self-service data recovery from accidental deletions, malicious actions ( malware / ransomware / hacker ), as well as business resumption & disaster recovery scenarios. However, there is no standard default and systems implement this to different default timelimits. Examples:
Keeping deleted data available for discovery incurs a risk for the institution. Likewise, not keeping a 'safety net' copy also incurs a risk.
Keeping deleted data for long periods of time also can be a significant cost for the storage platform. Systems where the data remains until 12 months after the delete was requested are operating with up to 20% additional storage hardware costs.
What will this affect: systems for general purpose storage: Nebula GPFS filesystem, Udrive, all new general purpose storage systems ( an EA exception can be requested )
Risks: Some data will be un-recoverable when asked if a copy exists after deletion.