Quantcast

Bacula and GDPR - right to be forgotten

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bacula and GDPR - right to be forgotten

Waqar Khan

Hi,

 

The new GDPR laws coming into effect – it is being debated whether the “data erasure” section applies to backs up but from a technical point of view how are you guys deleting a person’s data from every backup e.g. for the last 60 days.

Does anyone have an opinion on whether this law effects backups of personal data as well?

 

I take rsync’s and mysqldumps, it seems highly impractical to go through each volume and find records and files pertaining to a particular user and remove this data from the backups somehow.

 

I’m just at a loss of how to comply with this using bacula…If someone comes to me and says I want all my personal data deleted, what would I do to get rid of it from every backup.

 

Any help appreciated!

 

Regards

 

 
****************************************
IMPORTANT INFORMATION
The information contained in this email or any of its attachments is confidential and is intended for the exclusive use of the individual or entity to whom it is addressed.
It may not be disclosed to, copied, distributed or used by anyone else without our express permission.
If you receive this communication in error please advise the sender immediately and delete it from your systems.
This email is not intended to and does not create legally binding commitments or obligations on behalf of Hornbill Service Management Limited which may only be created by hard copy writing signed by a director or other authorized officer.
Any opinions, conclusions and other information in this message that do not relate to the official business of Hornbill Service Management Limited are unauthorized and neither given nor endorsed by it.
Although Anti-Virus measures are used by Hornbill Service Management Limited it is the responsibility of the addressee to scan this email and any attachments for computer viruses or other defects.
Hornbill Service Management Limited does not accept any liability for any loss or damage of any nature, however caused, which may result directly or indirectly from this email or any file attached.
 
Hornbill Service Management Limited. Registered Office: Apollo, Odyssey Business Park, West End Road, Ruislip, HA4 6QD, United Kingdom. Registered in England Number: 3033585.
****************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/bacula-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Bacula and GDPR - right to be forgotten

Josip Deanovic
On Friday 2017-03-31 09:57:11 Waqar Khan wrote:

> Hi,
>
> The new GDPR laws coming into effect - it is being debated whether the
> "data erasure" section applies to backs up but from a technical point
> of view how are you guys deleting a person's data from every backup
> e.g. for the last 60 days. Does anyone have an opinion on whether this
> law effects backups of personal data as well?
>
> I take rsync's and mysqldumps, it seems highly impractical to go through
> each volume and find records and files pertaining to a particular user
> and remove this data from the backups somehow.
>
> I'm just at a loss of how to comply with this using bacula...If someone
> comes to me and says I want all my personal data deleted, what would I
> do to get rid of it from every backup.
>
> Any help appreciated!

Theoretically it would be a PITA to do it but it is possible.
You would need to determine jobs containing your target files.
Then, using bacula database and its tables you would be able to
determine actual location of the target files on the media and
manually zero these blocks on the media.

However, such mangling with the backup volumes should be considered
very dangerous and the whole thing about the right to be forgotten
law is a bit funny.

I don't know if a commercial version of Bacula could make this
procedure easier and more safe.

--
Josip Deanovic

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/bacula-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Bacula and GDPR - right to be forgotten

Kern Sibbald
In reply to this post by Waqar Khan

Hello,

Can be implemented (though administratively a pain) by backing up each user's personal data in a different job, possibly with different pools.



On 03/31/2017 11:57 AM, Waqar Khan wrote:

Hi,

 

The new GDPR laws coming into effect – it is being debated whether the “data erasure” section applies to backs up but from a technical point of view how are you guys deleting a person’s data from every backup e.g. for the last 60 days.

Does anyone have an opinion on whether this law effects backups of personal data as well?

 

I take rsync’s and mysqldumps, it seems highly impractical to go through each volume and find records and files pertaining to a particular user and remove this data from the backups somehow.

 

I’m just at a loss of how to comply with this using bacula…If someone comes to me and says I want all my personal data deleted, what would I do to get rid of it from every backup.

 

Any help appreciated!

 

Regards

 

 
****************************************
IMPORTANT INFORMATION
The information contained in this email or any of its attachments is confidential and is intended for the exclusive use of the individual or entity to whom it is addressed.
It may not be disclosed to, copied, distributed or used by anyone else without our express permission.
If you receive this communication in error please advise the sender immediately and delete it from your systems.
This email is not intended to and does not create legally binding commitments or obligations on behalf of Hornbill Service Management Limited which may only be created by hard copy writing signed by a director or other authorized officer.
Any opinions, conclusions and other information in this message that do not relate to the official business of Hornbill Service Management Limited are unauthorized and neither given nor endorsed by it.
Although Anti-Virus measures are used by Hornbill Service Management Limited it is the responsibility of the addressee to scan this email and any attachments for computer viruses or other defects.
Hornbill Service Management Limited does not accept any liability for any loss or damage of any nature, however caused, which may result directly or indirectly from this email or any file attached.
 
Hornbill Service Management Limited. Registered Office: Apollo, Odyssey Business Park, West End Road, Ruislip, HA4 6QD, United Kingdom. Registered in England Number: 3033585.
****************************************

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Bacula-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/bacula-users


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/bacula-users
Loading...