The Data Lifecycle

On Thursday, February 9th, our event on the data lifecycle took place in collaboration with Streff, a specialist in data archiving, storage, digitization, and data destruction. The purpose of this conference was to explore the various key stages in the life of data, from its creation to its destruction. Corinne Berlocher, Sales Director at Streff, and Eric Preud’homme, Product Manager at Rcube, shared their knowledge and insights during this presentation.

To understand the process properly, it’s important to keep in mind that there are two different types of data: physical data and digital data.

The Data Lifecycle for “Physical” Data:

Archiving

Data is crucial to a company’s operations. Once archived, it is stored for a defined period based on associated regulations.

To optimize office space, archives can be entrusted to professionals who adhere to security standards (archives are organized based on their nature and/or legal regulations, such as personal data).

Destruction

Upon the client’s request, Streff initiates the data destruction process. This renders the data unusable, ensuring the strictest confidentiality for the client.

The destruction process is governed by well-defined rules:

• Protection of official documents.
• No sorting of documents to maintain confidentiality.
• Immediate deposit of the bin into the shredder without human intervention.
• Destruction certified by a third party.

Physical destruction applies to both paper documents and all electronic or IT equipment, such as hard drives, USB drives, etc. The waste generated by this destruction is subsequently processed by accredited recycling centers, always with an emphasis on Corporate Social Responsibility (CSR).

The Data Lifecycle for “Digital” Data:

Data generated by information technology must also be managed for several reasons:

• To comply with current laws and regulations, which is referred to as compliance.
• To ensure good organizational governance, thereby enhancing security.
• To prevent data loss and theft.
• To improve various processes.

Creation, Storage, and Backup of IT Data

When data is created, it remains the intellectual property of the organization and the client relationship.

This data must be stored confidentially using strict data redundancy and security strategies. To mitigate any risk of loss, data recovery plans in the event of failures or disasters are applied. Companies define periods during which they can operate without data; these are known as Recovery Time Objectives (RTO), Recovery Point Objectives (RPO), and Decision Time Objectives (DTO).

• RTO (Recovery Time Objective) represents the maximum allowable downtime during which an IT resource can be non-functional.
• RPO (Recovery Point Objective) is the maximum duration of data recording that can be acceptable to lose in case of a failure.
• DTO (Decision Time Objective) is the maximum time allowed to make the decision to switch to a backup solution.

Specific regulations, as defined by organizations like the regulator, insurance commissioners, or medical boards, must, of course, be considered and adhered to.

The Use and Sharing of Data

Once used, data is viewed, processed, and shared among employees, executives, and board members. This usage phase is the most vulnerable, making it essential for data to be transported to a secure location, and for education and notification procedures to be implemented. This minimizes the risk of data leakage, which could have serious consequences for the concerned organization.

The implementation of proven data sharing solutions is essential to ensure that data is accessible and shared among authorized individuals. For example, the solution offered and hosted by Rcarré-Rcube, Rfile, is based on the Oodrive tool.

Archiving and Destruction of IT Data

Like physical data, digital data has a limited lifespan defined by national laws and industry regulations. The archiving of such data can be done through PSDC (Common Security and Defense Policy) accredited providers.

Regarding data destruction, which is necessary for IT equipment reuse, certified data erasure, donation, or to ensure a certain level of confidentiality, certified software used by global organizations (NASA) can be employed. This is the case with the Blancco solution, a partner of Rcarré-Rcube.

In summary, the data lifecycle must adhere to strict rules to ensure complete confidentiality for the client. Clients must feel that their documents are secure and not fear data leakage. Once data is destroyed, it completes its cycle, and the process begins anew… with new data!