So...are they still using tape or is this data recorded on disc...digitally?
Data on a hard drive:
The electrical and mechanical processes for saving data to a hard drive is quite complex.
I do not want to get too technical here so to make this as simple as possible:
Think of a newly formatted, empty hard drive as a library with empty shelves.
Let's say you write a book. Now you want to save that book. You place the book on a shelf. After a while you've written many books and now there are hundreds of books stored on many shelves.
Now, you want the public to be able to access and read your books ... but there are so many how will the public locate specific books?
Well, you create a directory that lists all your books and details exactly where each book is stored. When a person looks up the book in the directory they are provided with exact location details. Since this is a 'special' library the person is allowed only to walk to the specific location and can see only the specific shelf and can see only the specific book.
Now, let's say you no longer want that book to be available because it contains obsolete information. The first thing you do is delete the directory entry for that book. When people look in your directory they will no longer see an entry for that book.
To them, the book was 'deleted' from the library, while in fact only the directory entry was deleted. Assuming a new book was not put in its place, that original book is still on the shelf and if someone has '
special' access they can still walk to and access that book. Of course if a new book was put in its place that original book is no where to be found.
NOTE: the above is an extreme oversimplification, but sufficient for our purpose.
To summarize:
If you delete a file from a hard drive, the file is not actually 'erased' ... only the directory information that details where the data is saved on the drive is erased. Now, if you do save something new to the drive after you deleted the original entry, the original data could be partially or completely overwritten because as for as the directory is concerned that space is 'empty'.
In that case the original data is irretrievable because new data was saved on top of the original data. You need very specialized equipment to read the magnetic signatures of the hard drive platters to even attempt to 'read' what was originally saved. Even then, it can be hit or miss.
Data Storage 'general' rules-of-thumb:
Short-term storage of data:
* retained for less than 1 year, typically measured in days or weeks
* saved to hard drive
Long-term storage of data:
* retained for one to many years
* saved to tape
There are (US and international) laws defining requirements for retaining various types of data, including the format, compression, physical storage, retrieval, etc. Since 9/11 it has become a much more complex and critical focus.
Long-term retention examples:
In at least one state (Texas), disability and sick benefit records must be retained for 6 years. Employee inventions claims must be retained for 25 years.
Depending on the business, OSHA requires that certain industrial hygiene records and medical records be retained for 30 years.
Financial institutions transaction data must be retained for 7 years.
Short-Term Storage vs. Long-Term Storage
Initial, interactive and short-term (temporary) storage of data typically is to hard drive and might be retained on hard drive(s) for days, weeks, or months depending on data type, volume and retrieval requirements. The more detail you save, the more drive space you need. The more drive space you need, the higher the cost.
Long-term storage of data typically is to tape (but in some rare instances also can be to hard drive). Data is copied from hard drives to tapes, and the tapes are transported to and stored in environment-controlled (temperature, humidity) archival locations.
Where does long-term data come from?
Long-term data used to be short-term data.
Short-term data, say for a company's ACD pbx telephone system, might be retained on that systems hard drives for 30 days, where the data is immediately available to access for running reports on # of calls, talk time, average speed of answer, etc.
After 30 days, that data might be copied to tape for long-term storage for future reference. After copying, the data on the hard drives is purged (actually deleted from database tables) and replaced with new data as it becomes available.
As for mobile / cell phone data retention, I am not sure if the law quoted below, applies. It indicates "provider of wire or
electronic communications services or a remote computing service."
http://www.ictregulationtoolkit.org/en/PracticeNote.2117.html
In the United States, Title 18 of the United States Code, Section 2703(f) states that: “A provider of wire or electronic communications services or a remote computing service, upon the request of a government entity, shall take all necessary steps to preserve records and other records in its possession pending the issuance of a court order or other process.”
The policy of the U.S. Government is based on the belief that investigators and prosecutors need the ability to have service providers preserve (without disclosing) for a limited period of time, any data which already exists within their network architecture and which relates to a specific investigation. The law requires preservation for 90 days, renewable for another 90 day period.
After such period, access to these historical records can be obtained pursuant to a court order or in conformity with other due process protections. For example, the Privacy Act requires, with some exceptions, that disclosure of any personal information be allowed only pursuant to a written request or prior written consent of the individual to whom the information belongs.
7
he requirement for data preservation does not, however, require a service provider to collect data prospectively, nor does it permit the preservation of everything in a service provider’s systems – only the information that related to a specific investigation.
The United States also does not require ISPs to routinely destroy or retain communications data. ISPs are free to destroy or retain communications data as they each choose, based upon their own assessments, resources, needs and limitations
