Using tape as a backup target
Post Reply
Fredo
Influencer
Posts: 23
Liked: 5 times
Joined: Aug 14, 2017 12:27 pm
Full Name: Fred O.
Location: Schlieren, Switzerland
Contact:

Feature request - right to be forgotten

Post by Fredo »

Dear Veaam, I have a feature request. We want to be able to remove specific folders from backup. Mainly from tape backup, but also form disk backup. This question is very much related to GDPR article 17 (https://gdpr-info.eu/art-17-gdpr).

Shestakov
Expert
Posts: 7328
Liked: 776 times
Joined: May 21, 2014 11:03 am
Full Name: Nikita Shestakov
Location: Prague
Contact:

Re: Feature request - right to be forgotten

Post by Shestakov »

Hello Fred,
What if you will have an option to remove the specific folders before restore, so they never appear in production? Will that work for you?
Removing folders from backup is a hassle since backup consists of data blocks.
Thanks!

Fredo
Influencer
Posts: 23
Liked: 5 times
Joined: Aug 14, 2017 12:27 pm
Full Name: Fred O.
Location: Schlieren, Switzerland
Contact:

Re: Feature request - right to be forgotten

Post by Fredo »

Dear Nikita, that option would not work; my request is related to the GDPR regulations. According to this regulations, we should be able to remove certain data. I understand that it is a hassle to remove specific data from any backup (disk or tape) but I guess that other Veeam users will ask for this feature as well in order to follow these new EU regulations.

Shestakov
Expert
Posts: 7328
Liked: 776 times
Joined: May 21, 2014 11:03 am
Full Name: Nikita Shestakov
Location: Prague
Contact:

Re: Feature request - right to be forgotten

Post by Shestakov »

Not GDPR expert, but afaik there is a restriction to have the certain data in production.
If you want to remove the data from backups you can restore VMs with the mentioned script deleting the desired data and back up VM back to disk and tape.

L0g333
Novice
Posts: 7
Liked: never
Joined: May 10, 2017 9:36 am
Contact:

Re: Feature request - right to be forgotten

Post by L0g333 »

Shestakov wrote: Nov 06, 2018 2:35 pm Hello Fred,
What if you will have an option to remove the specific folders before restore, so they never appear in production? Will that work for you?
Removing folders from backup is a hassle since backup consists of data blocks.
Thanks!
Hi,

i am currently writing my master thesis on this topic. Since I am also working as an sysadmin in parallel, I was wondering if Veeam does support the mentioned feature. Could not find something similar. Is it possible to mark specific folders (or possibly also Records in Databases, Objects in Exchange Databases) to be excluded in case of a restore?

For example: A client asks us to erase data about him and we are forced to follow this request upon the GDPR. We would then delete the requested Data in the Live System (lets say its a folder on the Fileserver and some E-Mails in Exchange). Is it possible to mark the related data in ALL existing veeam Backup Files to be excluded in Case of a Restore?

If this would be possible it'd be a huge benefit for gdpr compliance! Since the erasure of actual data in a backup is a big hassle. What about this:
Each Object (File, Database Record, Exchange Object) etc. in the backup gets encrypted with a different key. These keys are then stored in a seperate Database - lets call it keystore. Upon a erasure request, the relevant data would be marked to be "forgotten" which means, that the related key is wiped from the "keystore". I guess this could be an gdpr compliant approach for at least short term backups, since it is mostly not likely to crack a modern encryption algorithm within the next years (Experts argue that encryption without knowing the key is not anonymization but pseudonymization since it is likely to be able to crack current encryption algorithms in 20 years or so).

Thanks you :)

veremin
Product Manager
Posts: 18977
Liked: 1923 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Feature request - right to be forgotten

Post by veremin »

Right to be forgotten implies that user-specific information is not restored from backup, not removed from it. And we do provide this functionality. Thanks!

L0g333
Novice
Posts: 7
Liked: never
Joined: May 10, 2017 9:36 am
Contact:

Re: Feature request - right to be forgotten

Post by L0g333 »

Hey Eremin,

thank you for your quick response. On which GDPR Article, law or official statement does Veeam built this statement, that the right to be forgotten does not imply Data within Backups and archives? I have read a lot about that topic, and as far as I can see there is no clear answer on this question. And as long as there is no certainty, privacy experts advice controllers to be able to delete data from backups (which for sure is not a straightforward task, neither for controllers nor backup software developers...)

skrause
Expert
Posts: 487
Liked: 103 times
Joined: Dec 08, 2014 2:58 pm
Full Name: Steve Krause
Contact:

Re: Feature request - right to be forgotten

Post by skrause » 1 person likes this post

Deleting data from backups breaks immutability which is required by many other legal regulations.

GDPR is not just about the "right to be forgotten," it is also about protecting the data from being lost/stolen.
Steve Krause
Veeam Certified Architect

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 7 guests