Tape archival storage vs. expungement laws

[sullivas]

Hello all, this isn't a Veeam specific issue but that is what we use so figured I'd post here.

I work for a municipal law enforcement agency in Pennsylvania, USA. We currently do NOT archive to tape but know we should be because of cryptoware threat, etc. We are doing an off-site to disk over a WAN connection so we've got sort of a 3-1-1 backup.

Anyway, in an effort to satisfy that "two types of media" and also have one copy in cold/offline storage we'd like to start doing regular offline copies to tape. However, certain laws around criminal records expungement are seemingly standing in our way with a tape strategy. Our disk copies will "age out" in a timely enough manner that this isn't something we've necessarily paid attention to in the past. The expungements occur in production and after a few months they are also gone from all of our disk-based backups.

I envision us doing quarterly (maybe monthly) backups to tape with each tape overwritten after 12 months and also an annual WORM copy to be kept for seven years and then physically destroyed.

So how would this work with tape archival strategies, specifically around the use of WORM media? If we have a disposal schedule written in policy do you think that would suffice? How do the people who need to deal with GDPR-compliant backups apply a long-term backup archive strategy especially in regards to "Right to be forgotten"? How do you comply with expungement but also balance it with disaster recovery?

If you care to get into the weeds with me:

• https://www.attorneygeneral.gov/wp-cont ... /chria.pdf

• https://www.phmc.pa.gov/Archives/Record ... -links.pdf

[soncscy]

Interesting topic

IANYL, but reading your second link:

6.6 Electronic record keeping systems, or procedures external to the system, must provide for the secure, confidential, irreversible destruction of all copies of electronic records (including those on backup media) at the end of the retention period specified by the LGRC. The system must be capable of expunging permanent records when so ordered.

I understand this as if a backup exists that contains a record, you must be able to destroy the backup on command. Frankly, I think that the statement above is incompatible with WORM backups.

As a US Government institution, maybe AWS/Azure GOV are better directions for you? You get the same benefits of immutability (with AWS anyways) and (at cost) you can remove the backup file on demand as you're required. Tape doesn't lend itself to individual deletes, so if you're hoping for WORM-ish backups on a different medium, tape is the wrong way to look, unless you want to dedicate tapes to each backup but I think you'd just shoot yourself in the foot here with such a system.

Anyways, I'm an outsider looking in on a legal system I'm not as familiar with, so take this with a grain of salt.