Re: Discoverability of expired tapes?

["Jones, Dan" <Dan.Jones () UMASSMED EDU>]

Any data that exists is discoverable under a litigation hold or a
document production demand. This can be contextual, and I've seen
instances where going back to archived tapes was seen as "undue burden".


 

With data retention schedules, the most important element can be making
sure the data are destroyed at the correct time. If policy says that the
backup expires after 14 days, there should be a standard, documented
process to destroy data at the end of the retention window. Allowing
this to go unaddressed and later playing catch-up (in many
circumstances) can be interpreted as destroying evidence. 

 

To support this, either the Exchange tapes should be done as a separate
batch so they can be degaussed/destroyed, or the tape backup system
should be capable of deleting data after a pre-set duration and
generating a report to that effect. 

 

If a litigation hold is placed on your organization, then data
destruction must stop until the evidence has been harvested and the
litigation has been completed. Anything held on user's disks or personal
mailboxes still discoverable, as are any backup tapes/disks/etc. 

 

In a litigation, the attorneys typically negotiate a list of search
terms and data custodians. Communicating the terms of a lit hold to any
employees who hold relevant (custodians) data is very important (for
data preservation as well as for organizational indemnification). 

 

Always best to consult General Council, however this material is still
new to many attorneys. 

 

Hope this is helpful. 

 

Dan Jones

Information Security Officer

UMass Medical School

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Francis
Sent: Wednesday, January 06, 2010 11:32 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Discoverability of expired tapes?

 

 

Hello,

 

I have a question for those out there that may have dealt with this
issue.

 

We have set our tape backups for our Exchange system to expire after
14-days. We keep no archives. This not only saved us a significant
number of tapes and had negligible impact on our recoverability, but it
also reduced our eDiscovery issues significantly. BTW, we don't  have a
mail archiving solution in place.

 

What I just discovered in our backup system is that, even though the
backups are expiring, until the tapes themselves are reused, the backup
is still listed. The tapes are all marked as "expired" and are available
for reuse but the actual session (we use HP Data Protector) doesn't
purge from the backup software until all of the tapes for the session
are used. In reviewing this, I discovered that three backups over the
14-day expiration period still have all of the tapes available so I
could theoretically recover them if I had the need.

 

My question is this, since I can recover these backups, are they
discoverable even though all of tapes are marked as expired?

 

BTW, I'm looking at ways to purge these sessions once they have expired
but we're in a situation where we might not want to do that right now.

 

Thanks,

Greg

 

 

Greg Francis
Director, Central Computing and Network Support Services
Gonzaga University