> "being able to prove they didn't delete it" is a somewhat higher bar that you probably need to at least consider before starting that lawsuit...
> I've been discussing/arguing recently about whether being able to prove you've deleted the encryption keys for PII that you have on on long term backups/archives is something we'd want to explain to a judge or jury while the opposing counsel keeps saying "But they didn't delete the data! Show me when they deleted the data!"
What would an implementation of that look like? Would it rely on hardware keys or something? Because otherwise, even if you can prove you deleted a key (which seems very hard to prove a negative), how can you prove that no copy of the key exists? The same questions can be had for plain unencrypted data deletion as well.
> I've been discussing/arguing recently about whether being able to prove you've deleted the encryption keys for PII that you have on on long term backups/archives is something we'd want to explain to a judge or jury while the opposing counsel keeps saying "But they didn't delete the data! Show me when they deleted the data!"
What would an implementation of that look like? Would it rely on hardware keys or something? Because otherwise, even if you can prove you deleted a key (which seems very hard to prove a negative), how can you prove that no copy of the key exists? The same questions can be had for plain unencrypted data deletion as well.