T 5.106 Unauthorised overwriting or deletion of archiving media

Important data is to be stored on archiving media over the long term and without any changes. Therefore, these media must not be overwritten, deleted, or otherwise modified without authorisation. Unauthorised deletion is possible if user rights were assigned improperly, i.e. if

• users are granted the right to "delete", but they cannot make any reasonable decision as to whether or not datasets may be deleted on the basis of the information they dispose of, or
• users are incorrectly granted the right to "delete" due to improper administration.

Here, a differentiation between rewritable media and WORM media must be made:

• for rewritable media, physically deleting or overwriting datasets is possible as a matter of principle.
• for WORM media, physically deleting or overwriting datasets is impossible as a matter of principle. However, archiving systems normally provide for the option of logically marking datasets as being deleted. These datasets are not copied when the data is copied to a new data medium. Thus, the data is only removed from the databases when the data is copied to a new data medium.

In both cases, a loss of integrity of the stored information and data may occur if the media are handled improperly (see also T 5.85 Loss of integrity of information that should be protected).