The Importance of Deleting Old Stuff
An anonymous reader writes: Bruce Schneier has codified another lesson from the Sony Pictures hack: companies should know what data they can safely delete. He says, "One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?
Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company. They published old documents. They published everything they got their hands on."
Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done. What kind of retention policy does your organization enforce? Do you have any personal limits on storing old data?
My company deletes emails after 90 days unless you jump through burning hoops to save a limited number of them. And IM logging is forced to disabled. This REALLY sucks when you want to go back to refer to something. And is so transparently a CYA move.
How about instead of deleting everything people just are not a-holes? And if they can't help themselves maybe they should be exposed. Instead they make us all work in circles as we forget our past.
Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?
Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company.
Never Write what you can Phone;
Never Phone what you can Say;
Never Say what you can Whisper;
Never Whisper what you can Nod;
Never Nod what you can Wink.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
I keep all my e-mails in an offline folder. 13 GB and counting.
Saved my arse more times than I am willing to count. After the first 15 or so occurrences, people generally leave me alone when I tell them "I could dig into my old e-mails for that information".
Deleting old stuff is definitely worse than keeping it secure, preferably encrypted using a separate tool and password.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)