[Spivak]

I don’t consider an issue solved until there are commodity implementations of the solution. Right now there are bespoke backup systems that can do per-record deletion and lots of orgs are relying on maximum retention policies to do ensure deletion on “traditional” backup systems. Until off-the-shelf backup software like Veeam and Borg can handle the use-case it will always be an option only if you have a staff of developers instead of an IT staff.

[gkop]

Across the US, courts require data to be hard-deleted in cases of, for example, the expungement of a juvenile’s criminal record. This is a technical problem faced by all courts. Are you suspecting that courts are not taking backups, or that they are not properly wiping expunged records from their backups, or that courts employ developers that build bespoke backup pruning systems?

[Spivak]

I used to do IT in the public sector but not for the court system. I'm saying that they're almost surely using some off-the-shelf backup tool and having "deletions will filter though the backups in $x months" as a good enough solution.

Reaching into the backups or doing per-record encryption isn't something that you can just buy at this point.