More than half of UK firms are suffering cyber-attacks and most admit they are under-prepared for data breaches, according to a report by global insurers Hiscox.Continue reading
In an age where data is exploding in size, primary storage is a premium and there are threats from every angle, it is important to manage data more effectively. For a network manager, it can become a time-consuming task simply deciding which data to keep and what to remove. So how do you understand what’s on your network and how best to manage it?
Data archiving is the process of moving data that is no longer actively used to a separate storage device for long-term retention. It is likely to be used on data that needs to be kept for long-term retention or for industry or company regulations.
What are the different types of archiving:
In a similar vein to archiving data, organisations may choose to delete data to reduce the strain on primary storage units. However, unlike data archiving, once the data is removed from the primary store it cannot be restored. When choosing to delete it, it may be down to the following reasons:
ROT – Data that isn’t used can be separated into three categories. Redundant, obsolete or trivial.
Redundant information exists when it is duplicated in multiple places, whether in the same system or across multiple systems. This often leads to issues with different versions and confusion about which is the right version. When there are multiple copies it is important to establish a ‘right’ version.
Trivial data is data of little to no importance; it is created in our daily activities that do not meet the standards of a record (evidence of business activity or historical value), of corporate knowledge (information about how things work), of business insight (analytical data and reports), or of any other value category. This is the data that does not matter and should just be deleted when no longer needed.
The ‘O’ in ROT can mean one of two things; outdated or obsolete. Data that is outdated is “no longer in use or fashionable”. This term is fine when applied to content on websites or intranets. If your top news article refers to something that happened three years ago, that is outdated. Get rid of it.
Obsolete data refers to data that is “no longer in general use”. Information can become obsolete for several reasons. It can be outdated (as defined above). Or it can be replaced (superseded) by other information. Or it can be incorrect or incomplete. Obsolete is a bigger category than outdated. Whatever the reason, obsolete information can lead to confusion as well as actions or outcomes based on bad information.
Data archiving and data deletion can work in tandem and as part of policy-driven business processes, they are an effective way to manage data. Data that is archived consists of older data that is still important to the organisation and may be needed for future reference, as well as data that must be retained for regulatory compliance. Once the data has stretched beyond data-retention requirements, it’s time for it to be deleted. This might be because it has been archived for the amount of time required by law, or because it has been stored indefinitely, but has not been looked at for months or years.
The greatest benefit of archiving data is that it reduces the cost of primary storage. Primary storage is typically expensive because a storage array must produce a sufficient level of IOPS to meet operational requirements for user read/write activity. In contrast, archive storage costs less because it is typically based on a low-performance, high-capacity storage medium.
Archive storage also reduces the volume of data that must be backed up. Removing infrequently accessed data from the backup data set improves backup and restore performance, and lowers secondary storage costs.
The benefits for deleting data: it helps to reduce the cost of primary storage and in doing so reduces the costs associated with providing sufficient levels of operational requirements. Deleting data – in a similar vein to data archiving – reduces the volume of data that needs to be backed up, reducing the costs associated with backups.
General Data Protection Regulation (GDPR) is new data protection legislation that was approved and implemented by the European Parliament in April 2016. As European Law, it took effect on May 25th, 2018.
GDPR replaced the previous European Data Protection Directive (DPD), adopted in 1995, and in the UK, it replaced the Data Protection Act (DPA). One of the initial differences between GDPR and DPD is that GDPR is a regulation, not a directive; as a regulation, no additional legislation needed to be passed by governments of member states for it to come into effect. While containing many prescriptive requirements, such as documenting IT procedures, performing risk assessments, defining data collection and retention policies and notifying authorities of breaches, the GDPR is more descriptive than prescriptive.
Businesses of all sizes need to take GDPR into account and be able to demonstrate compliance. One of the main differences between GDPR and the Data Protection Act (DPA) is the transparency that businesses need to provide to the enforcing authority. In the UK, this authority is the Information Commissioner’s Office (ICO).
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the above grounds applies.