We have, so far, looked at privacy as a holistic business differentiator as well as a risk mitigator, involving processes such as classifying data, building an inventory, sharing data securely, and conducting technical privacy reviews. Another key concept in data privacy is data deletion; this is critical, since most security and privacy risks emanate from data misuse, leakage, and exfiltration. Chapter 5 provided some useful techniques for obfuscating data so as to mitigate privacy harms if the data is mishandled. However, in some cases, it may be more practical to delete the data altogether, since the best way to prevent data misuse is to not have the data at all.
This chapter will walk you through a system architecture for deleting data in a highly distributed environment. Because companies vary in their architecture and data, you will need to adapt what we discuss here to your own systems; even so, this chapter will give you the hands-on skills to start this complex but necessary initiative. You will learn how to approach both operational and archival data from a privacy perspective.