this post was submitted on 06 Jul 2023
20 points (81.2% liked)

Sysadmin

7717 readers
2 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago
MODERATORS
 

My organization just lost a entire email account full of emails needed for a law suite.

What happened was me or someone else (we don't know who) accidently deleted a gsuite account a few months ago. This account was from a employee who pasted away a few years back. We didn't realize that it was deleted until we needed it.

I like many people I had the misconception that data in the "cloud" can not be deleted. I was entirely wrong. We are now in some serious dodo and I don't know what we are going to do.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Ok so two things here: you were probably never privy to the legal costs associated with Google being required to do a re-discovery. Google makes no promise to backup your data though there are provisions to restore things from the trash. Eg emails and files lost or deleted recently. Google then also have tools for you to do some of this work yourself eg: https://workspace.google.com/products/vault/ which meets your company legal requirement if you configure and pay for it. Again that's not backup, that's archive for legal discovery but lines can get blurry when multiple tools which solve different issues can effectively do the same thing.

Issue two: As an administrator there's no denying even if they did you still wouldn't have followed the backup 3-2-1 rule. You never had something on a medium not google even if you thought there were three copies and you consider Google replication to at least two physical sites.

To be honest I'm not experienced with Google but this is the normal expectation of cloud services. If you don't have explicit terms of agreement to data recovery in a disaster, then you probably don't have it.

Ps: I'm going to imagine your former boss paid a lot of additional fees, lawyer fees, google fees and court fees if it really had to be recovered that way. Nothing comes for free.

I've my own experience with Microsoft not having backups and directors not understanding that Microsoft explicitly do not promise backups. A user mailbox got delicensed, but when it was delicensed, the mailbox didn't reattach. In the end it never came back after using our Gold partnership and paid support. We even had the guid. It was lost forever.

I reconstructed much of the mail, other mailboxes in the tenancy had emails from them or to them or were either cc or BCC so doing enough discovery I could eventually restore about 75% of the mail by getting the same email but from other mailboxes.

Nobody has ever doubted using a backup solution is required since.

[–] [email protected] 2 points 1 year ago

Thank you for sharing those additional details. The individual in question had an interesting background, an officer leaving a publicly traded tech company during the dot com bubble and returning to face a massive lawsuit with involving all his former partners. The fact that everyone associated with the company was subpoenaed suggests a comprehensive investigation. Perhaps it was the clients profile?

Regarding the individual's attempt to delete correspondence, it's challenging to ascertain the exact reasons for the data being provided to legal. Several factors might have played a role, such as the timing of the lawsuit, data retention policies of the tech companies involved, and legal obligations to cooperate with investigations going on while this individual was sailing the world for a decade completely disconnected from his past involvement with that entity. I was never privy to more information, so it's hard to determine if it was related to the person's identity or simply what they did.

As for data deletion, tech support informed me that deactivating or deleting said m accounts and waiting for a significant period (5-years) might ensure complete deletion. However, the companies explained that they had their own data retention policies (mid 2010s) that could impact the extent of data removal even after the user made such attempts. And the user couldn’t count on it being really gone due to those retention policies.

The outcome was that at least enough of his data was recovered to be condemning.

I have had other similar experiences with retention of deceased’s data. However I do not have expert knowledge on how each of on the specific practices of the companies involved.