Showing results for 
Search instead for 
Did you mean: 

Data deletion proof

Go to solution
Frequent Advisor

Data deletion proof

Hi Gurus

We have financial data hosted in third party shared storage.Now we are moving out of the this shared storage and the data is going to be hosted in our own datacenter.But as per Financial Services Authority we should have a certificate/proof that the data is deleted from the shared storage.

Have you guys come across such situation or any tools which comply this?
Frequent Advisor

Re: Data deletion proof

Hi All

Any ideas will be much appreciated
Mel Burslan
Honored Contributor

Re: Data deletion proof

when you talk about shared storage, you can not do this on your own. Sit and think about it for a minute. if this shared storage has more than one copy of the data for backup purposes and you know there should be a copy somewhere that is used daily to perform backups without interrupting your operations, how can you be sure that it got deleted once you delete the data from your current disks using whatever secure data shredder tool you use. If that copy is offline at the time you delete your live data, it is up to the storage hosting provider to delete that data.

Contact the storage service provide and have them issue you a document that says, the contents of all your storage areas have been irrecoverably deleted using whatever tool they prefer to use. And keep that piece of paper for future audits, indefinitely. At this point, if there happens to be a data breach from those records, it is not your or your company's responsibility.
UNIX because I majored in cryptology...
Frequent Advisor

Re: Data deletion proof

Thanks Mel,that makes sense
Steven E. Protter
Exalted Contributor

Re: Data deletion proof


Take a hammer to the hard disk and destroy it.

I used to work for NDS, a security company. That is how we made sure the data can not be recovered.

Even a full OS install is something security agencies like the NSA know how to undo.

Steven E Protter
Owner of ISN Corporation
Honored Contributor

Re: Data deletion proof

"Take a hammer to the hard disk and destroy it.

I used to work for NDS, a security company. That is how we made sure the data can not be recovered."

while I agree, I think you're referring to a storage owned by third party, somewhere off-site. If so, SEPS approach won't work.

it sounds like you'll need to find out what the Financial Services Authority considers acceptable as to certification. Then the third party would have to meet that standard.

If I'm correct about an outside source hosting the data, then you might need to pass this to your Legal or Compliance Department, as somebody is going to have to work out what is acceptable removal, whats acceptable as to certifying the required work was done, what certification is acceptable, and what auditing (if any) needs to be done to insure conformance. Lawyers will certainly get involved somewhere. Somebody might have to pay for an independent audit to prove compliance. Then there is always the issue of "backup copies", which the 3rd party would have to destroy as well.