CypherCon 2022

Three Pillars of Compliance in Databases: Data Retention, Purging, and Consent

Dr. Alexander Rasin


Numerous data governance laws and policies have been enacted to protect user privacy. Polices may define data retention (how long the data must be kept), data purging requirements (when the data must be destroyed), and data consent (whether the data can be used for a particular purpose). To comply with these requirements and to minimize liability, database systems (e.g., Oracle, Postgres) must offer built-in support to enforce storage and use policies. Instead, such compliance is currently achieved through a patchwork of manual solutions within each organization. In this talk, we will consider legal, policy, and technical perspectives to the challenges of enforcing data storage and use governance policies. We will discuss the current state-of-the-art approaches to facilitating compliance in organizations and the difficulties encountered in understanding and interpreting polices. We will present database implementation approaches that can enable policy compliance without disrupting current business processes. Although we will touch on all aspects of data governance, our primary focus will be on challenges that are yet to be clearly defined: 1) proof of retention compliance, 2) the inherent conflict between data backups (which archive and preserve data) and data purging requirements, and 3) the support for data consent compliance, which restricts the access to data depending on user’s purpose in accessing that data.

Dr. Alexander Rasin

Dr. Alexander Rasin is an Associate Professor in the College of Computing and Digital Media (CDM) at DePaul University. 

Dr Alexander Rasin received his Ph.D. and M.Sc. in Computer Science from Brown University, Providence. He is a co-Director of Data Systems and Optimization Lab at CDM and his primary research interest is in cybersecurity problems of preventing data tampering and exfiltration, establishing standards for database forensic analysis, and developing fine-grained access control polices. Dr. Rasin’s other research projects focus on building and tuning the performance of domain-specific data management systems — including biomedical data integration, user-defined predicate query optimization, and physical database design and indexing. Several of his research projects are supported by NSF.