Managing and protecting all enterprise data


The pitfalls of data deletion

STORAGE MANAGERS KNOW all too well that asking end users to clean up old files rarely works. "Whenever you ask anybody to delete their old data, they say, 'I'm too busy, I don't have time,'" says David Radowsky, SAN manager at Actel Corp., an electronics manufacturer in Mountain View, CA. "They're reluctant to out-and-out delete stuff but, at the same time, they won't touch a file for years."

For now, Radowsky is using Arkivio's Auto-Stor software to identify old engineering files and migrate them from an EMC Celerra NAS platform to a SATA-based Centera. "I don't clean up," he says, "I move."

But elsewhere, especially in regulated industries, a battle is raging between two camps: one that would dearly like to delete old data, and another whose mantra is "keep everything."

On the data deletion side are storage managers who would like to free up space and reduce cost and, to a certain extent, legal staff who would like to eliminate potentially incriminating evidence while reducing the amount of data that needs to be reviewed in the event of litigation. Legal discovery is "the hidden part of the iceberg," says Dean Gonsowski, managing director for business consulting at Xiotech and a former practicing attorney.

But "keep everything" proponents may have the upper hand. End users are in favor of keeping everything because they like to archive their past work and "sometimes, it costs less to keep everything than it does to figure out what to keep," says Pete Pepiton, discovery product manager at CA Islandia, NY.

More importantly, most legal professionals believe in "keep everything," arguing that it's unclear what data needs to be retained and what data is deemed "accessible." "I have an attorney friend who says, 'I don't know how to write an opinion that says you are safe to delete things,'" says Pepiton.

Consider the issue of spoliation. As defined on the Web site of law firm Jordan Coyne & Savits LLP, spoliation is the "destruction or material alteration of evidence or the failure to preserve property for another's use as evidence in pending or reasonably foreseeable litigation." In other words, it's not enough just to keep data related to an active lawsuit, you also have to preserve data if a lawsuit is reasonably likely, says Gonsowski.

This issue, as well as the question of whether or not requesting data from backup tapes is a reasonable request (and, if so, who should pay for it), was explored in the case of Zubulake vs. UBS Warburg, a gender discrimination case in which the plaintiff was ultimately awarded $29 million in damages because the bank couldn't produce the relevant requested e-mails.

Some observers are hoping that amendments to the Federal Rules of Civil Procedure that take effect this December will clarify what constitutes "reasonably accessible" information, such as data on backup tapes. Rule 26 (b)(2)(B) states that "a party need not provide discovery of electronically stored information from sources that the party identities as not reasonably accessible because of undue burden or cost." However, the rule goes on to say that "the court may nonetheless order discovery from such sources if the requesting party shows good cause," so the rule may not have the teeth some would have hoped.

The good news is that many companies already have teams devoted to the proper care and handling of business documents, a.k.a. records. Following guidelines established for paper documents, records management professionals may be able to steer an organization to the point at which data deletion becomes acceptable.

Invariably, the first thing a records management professional will need to do is devise a valid record schedule, says Xiotech's Gonsowski, which defines what kinds of documents must be kept and for how long, based on your company's federal and state jurisdictions, plus any industry-specific legislation it's subject to.

Then, with a record schedule in hand, so-called electronically stored information is mapped to its proper retention period--classified either manually or by a data classification engine. Data that has cleared its retention period, and has no legal holds on it, is then theoretically safe to delete.

But how you delete is another point to consider. "The last thing you want is data that's partially deleted," says Gonsowski. To that end, storage managers are becoming increasingly diligent about ensuring thorough and proper deletion.

EMC's Certified Data Erasure Service, a professional services offering that performs stringent multipass overwrites of all the sectors on a disk drive, provides customers with a certificate of erasure. According to Cynthia Curtis, EMC's senior director of customer service marketing, the service has skyrocketed in popularity over the past couple of years. "Customers aren't letting anything leave their site without the assurance that no data can be recovered," she says. "It's almost becoming the standard way of doing business."

--Alex Barrett

Article 1 of 17

Dig Deeper on Data storage compliance and regulations

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Storage

Access to all of our back issues View All