Web Development

General discussion


Just what constitutes deletion of sensitive data for the client.

By twindragon99 ·
Good Day all,

This may seem like a question but it does not have a specific answer (at least I don't think so) so I was hoping to get some alternative opinions on it.

The Company I work for has many customers that use our website to register for various programs that we host, and everything from name and contact info to dietary restrictions is sent to us using all the fancy cert encrypted site logins and blah blah blah, the data is then stored in an encrypted format within a SQL database for the duration of the event login and completion.

We always purge the database at the end of the event as the customer requests.

What has currently been posed as a question to me by my VP is...what do we do with the copy of the database that is on backup media.

My answer is simple, I stated that since the data is not in a live format and is kept in our protected safe so we are good to call the data purged.

Does anyone know differently, should I be selectively purging this info form my tapes or am I correct in my statements?



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by santeewelding In reply to Just what constitutes del ...

What do you mean by "purge" the first time?

Collapse -

I mean

by twindragon99 In reply to Precisely...

delete the "sensitive" user data from the database.

Collapse -

I would think that

by The Scummy One In reply to Just what constitutes del ...

if your company states that they will purge the data, and not keep it, then this would include the backups as well.

After purging the data, does it not purge the backups?

Collapse -

Well it would...

by twindragon99 In reply to I would think that

but if the data is on the server for over a month then the month end will have been done and then thrown into the storage facility. we keep all month ends for seven years.

Collapse -

Could the NSA, or a new owner, recover the data?

by mdhealy In reply to Just what constitutes del ...

If the NSA, or a new owner of your company should it get sold, could recover the data then I do not consider the data to have been purged. Period.

Collapse -

Good Point

by twindragon99 In reply to Could the NSA, or a new o ...

So I guess the real answer is to recall the tapes with the data on them and perform an update.

Related Discussions

Related Forums