Under HIPAA and some privacy laws (in US, EU and other countries), the user has the right to amend (under some laws even delete) his/her data. What is the right way to handle a request to amend/delete regarding archived data or backups? That data may not be in use today but it may be accessed in the future.
Asked
Active
Viewed 150 times
1 Answers
1
I can only speak for the UK; here the end consumer (or the subject of the data) has a right to enforce that an organisation (a data processor) keeps up to date information about the subject. The act does not make any special provision for backups etc
if old data is accessed from time to time then it is the responsibility of the organisation (data processor) to ensure that the data is matched against the most recent data before utilising it.
Why would you sometimes access old data (except during a disaster)?
Callum Wilson
- 2,533
- 10
- 15
-
Thanks for your answer. I think then the only data to be modified is data in use, not data at rest (unless data at rest become data in use, as in a backup restore). – MV. Jan 17 '13 at 11:44