from Hacker News

Ask HN: How do I evidence "deletion of data" on AWS for a client?

by Erazal on 1/10/24, 6:35 PM with 4 comments

We're a company creating AI summaries of conversations in a user accessible library, recording video conference and VOIP calls for our users.

We store data using AWS S3 buckets.

An enterprise prospect, after initially churning for a subset of users, is considering a full company-wide return. Their primary concern is our ability to "evidence deletion of data" on AWS. How is this typically achieved, considering that a byte of data can always be duplicated elsewhere?

What are standard procedures or best practices in these cases, especially considering any regulatory compliances? If anyone has encountered similar situations, how did you handle them?

  • by lelandbatey on 1/10/24, 6:48 PM

    My assumption is that this is not _really_ a technical question and is instead more of an accounting question. My assumption is that you'd have to come up with documentation showing everywhere their data goes within your system then you basically "super promise" (usually in the form of a legal contract) that you do delete it in all those places, and you _also_ create a record of those deletion mechanisms (e.g. recording the DELETE HTTP request you make to the S3 rest API).

    That basic approach (promise in contract then record your efforts to comply) is the approach I've seen taken for e.g. CCPA-style compliance mechanisms.

    Note though that what I've described isn't necessarily exactly a fit for your problem domain; nor is my description complete (e.g. if you only do what I just listed, you may have a very angry client). Just thinking out loud here.

  • by DamonHD on 1/10/24, 6:40 PM

    Proving deletion is kinda like proving a negative, I've been there.

    Things that may help: * A method statement (procedure) for creation and deletion. * Careful screenshots of the above for sensitive datasets including the 'after' state, eg trying to access old data getting an error. * Signed statements by the people doing the above that they actually did the above in good faith and had it cross-checked by someone senior. * Possibly stamp it so someone has liability if wrong.

  • by toomuchtodo on 1/10/24, 6:49 PM

    I've used a letter of attestation with a sample of log metadata from logs action was taken against and the command executed for evidence of this.

  • by belter on 1/10/24, 7:01 PM

    You can't prove a negative. How would you do it for an on-prem scenario?