Should Data Just Fade Away?

from the sometimes-yes,-but-often-no dept

Mon, Jun 14th 2010 8:16pm — Mike Masnick

Michael Scott points us to a report suggesting that one way to deal with the privacy issues of data stored online is to set up databases that automatically have plans to let data "fade away" over a certain period of time. Of course, I'm not sure what's particularly new or unique about this. Lots of companies have systems in place to purge types of data after it reaches a certain age. Most companies have log files that delete after 6 or 12 months or whatever. The other issue, of course, is that with new data retention laws in place, many companies are forced by the government to retain certain types of data. And, finally, even if you plan for certain data to be deleted, there's not necessarily a guarantee that it actually has been deleted.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data, data retention, privacy

13 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 14 Jun 2010 @ 8:22pm

for the rest of the world, its called a data retention policy. after x months / years, delete data. as companies are required to keep information for tax purposes for a long time (years), it is likely that customer data would have to be retained in some form for a similar period of time.
[ link to this | view in chronology ]
Anonymous Coward, 14 Jun 2010 @ 8:29pm

I think such plans do little to help protect privacy and it can serve to distort history and make it more difficult for future generations to learn about past generations.
[ link to this | view in chronology ]
Anonymous Coward, 14 Jun 2010 @ 9:20pm

Backup Tapes. They'll never get ALL the backup tapes!!
(the little sods breed in the dark... I've seen them)
[ link to this | view in chronology ]
Anonymous Coward, 14 Jun 2010 @ 9:23pm

Get rid of the SSN as a security identifier. Would be the best thing possible for privacy. Of course it would also be very expensive for every company in the States to implement.
[ link to this | view in chronology ]
- Michael, 15 Jun 2010 @ 8:18am
  
  Re:
  And then use what? Wouldn't the new identifier end up being the same old problem? Would you like to be writing a 36 character GUID onto all government forms?
  
  The identifier being used is not really the problem. The problem is the misuse of the identifier as a was to ensure you are who you say you are and then the lack of a system to check what your identifier is being used for.
  [ link to this | view in chronology ]
  - mdominguez2nd (profile), 15 Jun 2010 @ 8:54am
    
    Re: Re:
    @Michael
    
    I agree with you 100%. Another issue is the fact that practically anyone can get a driver's license (hell, you can practically get one out of a cracker jack box) and the fact that that is used to open a bank account, get a cell phone, etc. All these IDs are being used for the most ridiculous things, none of which really coincide with their intended uses.
    [ link to this | view in chronology ]
Anonymous Coward, 15 Jun 2010 @ 12:42am

Storage is finite other than that, there is a reason we forget things, if we don't forget anything every time some one do something wrong we wouldn't as a group be able to function, some people don't know the meaning of the word's second chance and forgiveness.

Also laws should be forgotten if they are not used, we live in a dynamic society and if there are laws that no one uses or cares why should they stay in the books forever?
[ link to this | view in chronology ]
bob, 15 Jun 2010 @ 1:45am

Medical Records
Medical Records are required by the government to be retained for life, and not the life of the patient, but for ever.
How is this going to work?

The raw history of the world is now in data banks what should we do with that?
[ link to this | view in chronology ]
- Anonymous Coward, 15 Jun 2010 @ 1:54am
  
  Re: Medical Records
  On the other hand I can see archaeological value for medical records and some useful things people can do with them, like mapping medical conditions along with environment parameters can yield clues as to what affects people in a certain region and could be used to tell you how much of a chance you could get pulmonary cancer for example.
  
  I know those things will get abused, but I think society should stand and fight for it not to be abused.
  [ link to this | view in chronology ]
Random Thoughts, 15 Jun 2010 @ 4:12am

Some imagination ppl...
I haven't read the source article and somebody cleverer than me would have to realise it but didn't the words "Fade Away" get anyone else's imagination firing?

What if a database could 'forget' data using various criteria like time, sensitivity, legal requirements etc. distilling it as it goes.

Not making a call on whether this is good bad or ugly but it would certainly be an interesting academic exercise.

The responses so far seem way too black and white for an article whose title implies shades of grey.
[ link to this | view in chronology ]
Leslie, 15 Jun 2010 @ 5:23am

Might not work on some data
I don't think this will work on all data. As someone has mentioned, medical files should be retained for life. A solution to this is to keep all secured data on a different drive--one that is not accessible on the internet but only within the company. Information with sensitive nature should never be released into the internet anyway.
Oh...and probably better security.
[ link to this | view in chronology ]
mdominguez2nd (profile), 15 Jun 2010 @ 7:46am

"And, finally, even if you plan for certain data to be deleted, there's not necessarily a guarantee that it actually has been deleted."

Agreed. Forensic toolkits anyone? If the DB is going to "delete" information, short of destroying the storage device the data is on, its going to take additional steps to make sure that the data is gone for good. The DoD and Gutman (spelling?) standards come to mind...

It just seems like a lot more effort than a company is probably willing to spend to adequately delete data.
[ link to this | view in chronology ]
Evan, 15 Jun 2010 @ 8:14am

Kind of reminds me of a proposed French law
The notion reminds me of a law they were thinking about in France a few months ago, a "Right to Forget" law: http://news.bbc.co.uk/2/hi/programmes/click_online/8447742.stm
[ link to this | view in chronology ]