Regulatory-Compliant Data Management

Digital societies and markets increasingly mandate consistent procedures for the access, processing and storage of information. In the United States alone, over 10,000 such regulations can be found in financial, life sciences, health care and government sectors, including the Gramm Leach Bliley Act, Health Insurance Portability and Accountability Act, and Sarbanes Oxley Act. A recurrent theme in these regulations is the need for regulatory compliant data management as an underpinning to ensure data confidentiality, access integrity and authentication; provide audit trails, guaranteed deletion, and data migration; and deliver Write Once Read Many (WORM) assurances, essential for enforcing long term data retention and life cycle policies. While each regulation has its own unique characteristics, certain assurance features are broadly mandated: Guaranteed Data Retention. The goal of compliant data management is to support WORM semantics: once written, data cannot be undetectably altered or deleted before the end of their regulation mandated life span, even with physical access to its host. Quick Lookup and Queries. In light of the massive amounts of data subject to compliance regulations, the regulatory requirement for quick data retrieval can only be met by accessing the data through indexing structures. Such indexes must be efficient enough to support a target throughput, and must be secured against insiders who wish to remove or alter compromising information before the end of its mandated lifespan. Secure Deletion. Once data has reached the end of its lifespan, it can (and in some cases must) be deleted. Deleted records should not be recoverable even with unrestricted access to the underlying medium; moreover, after