Open Discussion

Expand all | Collapse all

GDPR

  • 1.  GDPR

    Posted 06-26-2018 13:45
    How are you handling the new GDPR regulations?

    Once a user has removed their personal files from the backup set the only way to remove them from the backup archive is to change the Frequency of the "Remove Deleted files" setting.

    My concerns:
    1. This remove all deleted files, not just personal files.
    2. If the user accidentally copies a personal folder to the desktop, it will be backup to the archive within 15 minutes and will need to be removed.
    These are the options we are considering for removing files from archive:

    1. Create a new Organization with the setting set to every day. If requested by the user, their device can be added to this Organization temporally until their deleted files have been removed. 
    2. Unlock the Frequency settings on the client to allow them to change the  "Remove Deleted files" setting.  

    Thoughts?

    Thanks
    Dave

    ------------------------------
    Dave Mathieu
    ------------------------------


  • 2.  RE: GDPR

    Posted 06-27-2018 19:20
    Hi Dave,

    Our support site has some helpful content on this topic. This article in particular provides a couple of different options to support "right to be forgotten" requests from customers.

    https://support.code42.com/Terms_and_conditions/Compliance_resources/Code42_and_GDPR_compliance#Features_to_assist_with_.22right_to_be_forgotten.22_requests

    If you still have questions we are here to help!

    Josh

    ------------------------------
    Josh Evans
    Product Manager
    Code42
    ------------------------------



  • 3.  RE: GDPR

    Posted 06-29-2018 09:09
    Hi Josh,

    Thanks for replying.

    Our only option to remove data from a user's backup archive is to adjust the below setting on the client or in the console. I am curious on how other companies are planning to accommodate request from users to delete "personal" data from the backup archive.

    Does Code42 plan to add new features to help with GDPR?




    ------------------------------
    Dave Mathieu
    ------------------------------



  • 4.  RE: GDPR

    Posted 06-29-2018 09:13
    In our environment we sometimes have to do "targeted wipes" due to data spills. What we do is when we get the username from the CSRs, we look in Crashplan and find the archive names and locations in both our primary and secondary sites, then we stop the CP service on the servers that are running their archives. Once the services are verified as stopped, we use BCWipe to target wipe the archives using a DoD wipe. We unfortunately chose Windows for our storage devices simply do the the fact that we can satisfy our requirements with screenshots from BCWipe.

    ------------------------------
    Gairy Spiers
    Systems/IT Architect Lead
    Atlanta GA
    ------------------------------