Backup Changes Driven by SOPPA



As a Software as a Service (SaaS) provider, we strive to provide high levels of security and availability.  As part of our operations, we take regular backups of the system, primarily to support disaster recovery.  These are downloaded and stored offsite, and could be used to restore the system in case of emergency.  This is standard in the industry, and we follow best practices.


The backups have other utility too.  Sometimes our customers make mistakes, and accidentally delete data.  As a courtesy, we can load an old backup (prior to the delete) and retrieve the data.  We don’t formally offer this service (as it can be time-consuming), but we like to be cooperative and helpful.  Depending on what was deleted, customers can get frantic.  It feels good to “save the day.”


Since data storage media is inexpensive, in the past we’ve had no pressing reason to delete old backups.  Consequently we’ve accumulated system-wide backups going back many years. 


With the advent of SOPPA, we needed to change this process.  When customers depart, the law now requires us to permanently delete their data from our custody.  While it’s easy to remove data from our online production system (we just delete the school/district), we also need to remove data from all backup files too.  Since it’s not feasible to remove a single customer’s data from each system-wide backup file, we’ll delete all older backup files.  


We are allowed a lag period for deleting data.   So we looked at our logs, and found that the oldest data restore ever requested was 250 days old.  We made a decision that, going forward, we’ll keep backups for one year only.  This should allow us to meet SOPPA requirements while still helping customers who’ve accidentally deleted data (and of course to prepare for disaster recovery).  We have already destroyed our large store of backups, and will regularly destroy files older than one year.  Departing customers’ data will exist inside our backup set for one year only.


It’s unlikely that this change would be noticeable by any customer.  While this operational detail wouldn’t normally warrant a news article, we think pretty deeply about our operations, and thought that some “techie” customers might find it interesting.  Most likely aren’t aware of our processes, and might enjoy the transparency.



The Common Goal Team