Here is a real case that happened just a couple of days ago, while helping an ISP to find a way to handle the deletion of data after the mandatory term imposed by the Eu Data Retention Directive expires. Whatever the solution, thank to the rigidity of the provisions, a law will not be obeyed.
Background:
- ? The automatic processing of the data-deletion is usually made so that a script matches daily the data-creation date with the current date, and if the match says that the retention term is expired, then the script delete the data,
- The only exception is a “freeze” order issued by a Court or a prosecutor. In this case it is possible to avoid the requested data to be destroyed,
- The “freeze” order are notified either by fax, secure email or direct order to the “Protocol department” (that handles the incoming communications, and that “route” the messages to the concerned people),
- While when the offices are closed there is always at least one resource belonging to the technical department to be alerted in case of urgency, the administrative offices just shut down the curtains of Friday at – say – 5P.M.,
Scenario:
– let’s say that a secure mail or a fax containing the “freezing” order arrives when the Protocol Department is closed. This means that the request will be processed the next day,
– let’s say that the “freezing” order concerns data that are going to be destroyed the very same Friday night when the order arrived,
What happens is that the “freezing” order arrived timely, before the data were destroyed, but since the internal route of the order is handled when the term is expired, the data have been deleted.
A possible solution could be to extend the deleting time frame of three days (thus accounting for the week-end gap) but it doesn’t work. Here is why.
If I have to destroy the data on Friday, and I kept it until Monday just to check if some Court order has been notified in the meantime, it might happens that on the very same Monday a Court order might be notified in relationship to the Friday-to-be-deleted data (when the data are supposed not to exist anymore).
So, if I follow the DRD I must refuse to comply with the Court order because though the data are there, they can be processed only if the Court order were notified within the original term. On the other hand, I can’t refuse to obey to a Court order, if I still have the concerned information.
A contemporary version of the Buridan’s Ass Paradox.