by HarryHirsch 3620 days ago
Data retention is negotiated and spelled out in detail in NDAs for contract research organizations. It's easy to delete data from servers once a project is done, but the backup tapes also have copies. You can't throw the tapes out, because the company needs them, hence there are agreements what happens to the data and tapes, and nowadays these are standard practice.

This is a solved problem in the real world, but some companies would have us think it's the Wild West, when in fact it isn't.


The solution with backup tapes is obvious: you encrypt the files on the tapes with session keys and encrypt a copy of the session key with a client/project or project key stored on a separate random access medium. When the project needs to be deleted you destroy the key for that project, job done. The most difficult bit is enforcing the proper ownership and location of files so that you know which ones belong to which project. More complicated schemes can allow files to be shared between projects, but the basic principle remains the same.
But what about the backups of where the encrypted session keys are kept? Wouldn't this be a "backups all the way down" situation?
Backups of keys are a lot smaller and fit on USB flash drives and CDs. So in practice keeping encrypted backups with multiple keys is easier to deal with.
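The two-level key scheme described in the comments above (per-file session keys on tape, session keys wrapped under a per-project key on a separate medium, deletion by destroying the project key) as an added, self-contained Go example; it is not code from any commenter. Project names, file names and the in-memory "tape" and "key store" maps are constructed stand-ins for real media, and AES-256-GCM is the assumed cipher for both the file encryption and the key wrapping. The `TapeBytes`/`KeyStoreBytes` helpers make the point of the follow-up comment concrete: the key store that has to be backed up and eventually destroyed is a few hundred bytes regardless of how much data is on tape.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Tape is the backup medium: per-file ciphertext only. Nothing is ever
// removed from it, mirroring tapes the company is not allowed to discard.
type Tape struct {
	Blobs map[string][]byte // "project/file" -> nonce || AES-GCM ciphertext
}

// KeyStore is the separate random-access medium: one key-encryption key
// (KEK) per project plus every file's session key wrapped under that KEK.
type KeyStore struct {
	ProjectKeys map[string][]byte            // project -> 32-byte KEK
	WrappedKeys map[string]map[string][]byte // project -> file -> wrapped session key
}

var ErrProjectShredded = errors.New("project key destroyed: data unrecoverable")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext; aad binds the blob to its project/file
// name so a blob from one project cannot be presented as another's.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, blob, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], aad)
}

func randomKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

type Archive struct {
	Tape Tape
	Keys KeyStore
}

func NewArchive() *Archive {
	return &Archive{
		Tape: Tape{Blobs: map[string][]byte{}},
		Keys: KeyStore{ProjectKeys: map[string][]byte{}, WrappedKeys: map[string]map[string][]byte{}},
	}
}

func tapeName(project, file string) string { return project + "/" + file }

// Store encrypts one file under a fresh session key, writes the ciphertext
// to tape and the session key (wrapped under the project KEK) to the key store.
func (a *Archive) Store(project, file string, plaintext []byte) error {
	kek, ok := a.Keys.ProjectKeys[project]
	if !ok { // first file of this project: mint its KEK
		var err error
		if kek, err = randomKey(); err != nil {
			return err
		}
		a.Keys.ProjectKeys[project] = kek
		a.Keys.WrappedKeys[project] = map[string][]byte{}
	}
	sessionKey, err := randomKey()
	if err != nil {
		return err
	}
	name := []byte(tapeName(project, file))
	blob, err := seal(sessionKey, plaintext, name)
	if err != nil {
		return err
	}
	wrapped, err := seal(kek, sessionKey, name)
	if err != nil {
		return err
	}
	a.Tape.Blobs[string(name)] = blob
	a.Keys.WrappedKeys[project][file] = wrapped
	return nil
}

// Retrieve unwraps the session key with the project KEK, then decrypts the
// tape blob. Without the KEK the blob on tape is just random bytes.
func (a *Archive) Retrieve(project, file string) ([]byte, error) {
	kek, ok := a.Keys.ProjectKeys[project]
	if !ok {
		return nil, ErrProjectShredded
	}
	wrapped, ok := a.Keys.WrappedKeys[project][file]
	if !ok {
		return nil, errors.New("no such file in key store")
	}
	name := []byte(tapeName(project, file))
	sessionKey, err := open(kek, wrapped, name)
	if err != nil {
		return nil, err
	}
	blob, ok := a.Tape.Blobs[string(name)]
	if !ok {
		return nil, errors.New("file missing from tape")
	}
	return open(sessionKey, blob, name)
}

// Shred is the "delete": overwrite and drop the project KEK and its wrapped
// keys. The tape is untouched; every blob of that project is now unrecoverable.
func (a *Archive) Shred(project string) {
	if kek, ok := a.Keys.ProjectKeys[project]; ok {
		for i := range kek {
			kek[i] = 0
		}
		delete(a.Keys.ProjectKeys, project)
	}
	delete(a.Keys.WrappedKeys, project)
}

func (a *Archive) TapeBytes() int {
	n := 0
	for _, b := range a.Tape.Blobs {
		n += len(b)
	}
	return n
}

func (a *Archive) KeyStoreBytes() int {
	n := 0
	for _, k := range a.Keys.ProjectKeys {
		n += len(k)
	}
	for _, files := range a.Keys.WrappedKeys {
		for _, w := range files {
			n += len(w)
		}
	}
	return n
}

func main() {
	a := NewArchive()
	_ = a.Store("client-a-trial", "results.csv", make([]byte, 1<<20)) // constructed 1 MiB file
	_ = a.Store("client-b", "memo.txt", []byte("unrelated project, must survive"))
	fmt.Printf("tape: %d bytes, key store: %d bytes\n", a.TapeBytes(), a.KeyStoreBytes())
	a.Shred("client-a-trial")
	_, err := a.Retrieve("client-a-trial", "results.csv")
	fmt.Println("client A after shred:", err)
	p, _ := a.Retrieve("client-b", "memo.txt")
	fmt.Println("client B still readable:", string(p))
}
```

The hard part the commenter mentions, knowing which file belongs to which project, shows up here as the `tapeName` binding used as AEAD associated data: a file stored under the wrong project name is wrapped under the wrong KEK and will outlive that project's shred, so the classification step, not the cryptography, is where such a scheme usually fails.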
But an NDA can't prevent a company from turning over their backup data to the authorities when presented with a legitimate warrant from a court.
At least you know what documents are retained, and in what form, and for how long, and you can plan around that. With all these free services you can only assume the worst.