So, let me guess … your manager just asked you whether you can delete someone’s personal data from your backup copies if he or she were to ask you following a ‘right to be forgotten’ request, right?
Oh yes, and you are one of the 49% of organizations that are still using backup tapes as part of the backup and recovery strategy. Nothing wrong with that, but you'll quickly realize that in order to delete someone’s personal data, you first must find his or her data and that can prove an almost impossible task, especially when you are using backup tapes to store your backup copies.
You may very well have hundreds if not thousands of backup tapes, some you keep onsite in a fireproof safe, but most are safely kept offsite in your disaster recovery location. The target file (or files) that you have been asked to delete can be on any of these backup tapes.
I can feel your pain …
The good news is that you have just under two-years left to go 'tapeless'.
By the 25th May 2018 your company must be compliant with the General Data Protection Regulation (GDPR) – of course subject to your company trading in or with the European Union. Article 17 of this new regulation addresses the ‘right to erasure’ (or ‘right to be forgotten’), which I believe will impact almost every company in the world.
Going 'tapeless' is easier than you may think …
Veritas successfully helps thousands of companies with their transition from a tape-based approach to a disk-based one, as their tape-systems are no longer fit for purpose. For example: companies that are unable to backup the increasing volume of their data within the backup windows. These companies are reporting an increasing number of backup errors or spending an increasing amount of time and money on just keeping the tape system running. To solve this problem, they must redesign their backup to make the backup process reliable, scalable, fast, resilient and cost-effective again.
These companies choose the Veritas NetBackup Appliances to replace their tape-based systems. I see them often deploy the NetBackup Appliances in phases; starting with small or new sites, helping them gain experience before implementing the Veritas NetBackup Appliances company wide, which at that point is an easy, straightforward task. The benefits they feedback to me are remarkable and include:
… but the most compelling benefit is that their data is now readily available. With a Veritas NetBackup Appliance, you assume control over your data. It delivers direct access to your backup copies – there are no tapes to retrieve and change which is a massive time saver – making that ‘right to be forgotten’ request so much easier to deal with.
Get ready for GDPR and boost your backup and recovery performance to a whole new level with the new Veritas NetBackup 5240 Appliance. Start today.
Note: This post was first published on my Linkedin on 21 July 2016.
Thanks for calling this out. Nothing has changed to the file deletion process.
GDPR and in particular article 17 “right to be forgotten” will affect most companies. Once GDPR comes into effect, companies must “without delay” respond to a “right to be forgotten” request; deleting all personal data of that individual, and this includes his or her personal data that is held on backups.
What I am saying is that the deletion process can be performed much faster and much more efficient on our appliances than on a tape-based system. If you use our appliances, then you have direct access to the backup images/ copies. You don’t have to retrieve and change backup tapes. The appliances also deliver a significant boost of the backup and recovery performance over a tape-based system.
I promoted the recently released NetBackup 5240 Appliance in my CTA, because it is our next-generation appliance in the 5200 series with improved performance, higher capacity and price-optimized storage.
Let me know if this answers your question?
Yes, tape might be easier than disk, but this operation will in no way be easy. Maybe now with infomap there would be some kind of indexing after the search feature was removed.
I'm keen to see how this will be implemented.
I have discussed this with some GDPR compliancy lawyers, and I believe it is yet to be decided whether the GDPR will actually require you to delete historic images, or if you just need to ensure that data is "offline" to the public and/or internal users.
I don´t think anyone is yet sure how the GDPR will be interpreted in real life, and what the real-life requirements will be. With tapes it´s even more of a question, will the GDPR actually require you to physically overwrite the images on the tapes after expiring the image, or is it enough to just expire metadata from the catalog, i.e. no need to touch the tape, and actually less work for NetBackup compared to a disk-solution.
As also stated, deleting the entire image would for most people not be the right solution, as it contains tons of other files that does not require deletion, so if this the way forward, we would need to restore the image, delete data and re-backup the data :)
Let´s all cross our fingers that over the next 2 years we will get a clear indication of how to interpret these rules, and that someone with just a little bit of technical indsight can make it clear to the suits, that we need a realistic interpretation.
Guys, I totally disagree!
Tapes is faster than Disk and cheaper as well. Othercase we can go for it but simply not true! Faster Backup slightly depens on Taper vs. Disk characteristics even more on other dimensions like FilesSystem, Type of File, Protocolls, Ethernet/SAN, drivers etc. I have more customers having slowe backcup than tape.
What we can offer is multy stream backup, more granular and more simple. Easier to handle.