HCP includes features that enable you to comply with local regulations regarding data storage and maintenance:
• Data privacy — At HCP installation time, you can choose to encrypt all data and metadata stored in the repository, thereby ensuring data privacy in a compliance context. Encryption prevents unauthorized users and applications from directly viewing namespace content. Lost or stolen storage devices are useless to parties without the correct encryption key.
HCP handles data encryption and decryption automatically, so no access or process changes are required.
• Retention classes — Some government regulations require that certain types of data be kept for a specific length of time. For example, local law may require that medical records be kept for a specific number of years.
A retention class is a named duration that can be used as the retention setting for an object. When an object is assigned to a retention class, the object cannot be deleted until the specified length of time has passed since its creation date. For example, a retention class named HlthReg-107 could have a duration of 21 years. Objects assigned to that class could then not be deleted for 21 years after they were created.
For more information about retention classes, see Managing a Tenant and Its Namespaces or Managing the Default Tenant and Namespace.
• Retention mode — A namespace can be created in either of two modes: enterprise or compliance. The retention mode determines which operations are allowed on objects that are under retention:
  o In enterprise mode, users and applications can delete objects under retention if they have explicit permission to do so. This is called privileged delete (see below).
    Also, in enterprise mode, authorized administrative users can delete retention classes and shorten retention class durations.
  o In compliance mode, objects that are under retention cannot be deleted through any mechanism. Additionally, retention classes (see above) cannot be deleted, and retention class durations cannot be shortened.
• Privileged delete — Some localities require that certain data be destroyed in response to changing circumstances. For example, companies may be required to destroy particular information about employees who leave.
Privileged delete is an HCP feature that enables authorized users to delete objects even if they are under retention. This feature is available only in namespaces that are in enterprise mode. In compliance mode, objects can never be deleted while they are under retention.
When performing a privileged delete operation, the user is required to specify a reason for the deletion. HCP logs each privileged delete operation along with its specified reason, thereby creating an audit trail.
For more information about privileged delete, see Managing a Tenant and Its Namespaces or Managing the Default Tenant and Namespace.
• Retention hold — To support legal discovery, users and applications can place a hold on selected objects. While an object is on hold, it cannot be deleted through any mechanism, regardless of its retention setting.
For more information about retention hold, see Using a Namespace or Using the Default Namespace.
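The rules above interact: a hold overrides everything, the retention mode decides whether privileged delete is available at all, and a privileged delete needs both permission and a reason. The following Python model of that decision order is an added example, not HCP code or its API; the names StoredObject, retention_ends and decide_delete, the sample dates, and the treatment of the exact expiry date as deletable are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class StoredObject:
    name: str
    created: date
    retention_years: int = 0  # duration of the assigned retention class
    on_hold: bool = False     # retention hold, e.g. for legal discovery


def retention_ends(obj):
    """Creation date plus the class duration (Feb 29 falls back to Feb 28)."""
    year = obj.created.year + obj.retention_years
    try:
        return obj.created.replace(year=year)
    except ValueError:
        return obj.created.replace(year=year, day=28)


def decide_delete(obj, mode, today, privileged=False, reason="", audit=None):
    """Return (allowed, explanation) for a delete request in this model."""
    if obj.on_hold:
        # A hold blocks deletion regardless of the retention setting.
        return False, "object is on hold"
    if today >= retention_ends(obj):
        return True, "retention period has passed"
    if mode == "compliance":
        # No mechanism deletes an object under retention in compliance mode.
        return False, "under retention in compliance mode"
    if not privileged:
        return False, "under retention; privileged delete permission required"
    if not reason.strip():
        return False, "privileged delete requires a reason"
    if audit is not None:
        # Each privileged delete is recorded together with its reason.
        audit.append({"object": obj.name, "date": today.isoformat(), "reason": reason})
    return True, "privileged delete"


if __name__ == "__main__":
    # Constructed sample: an object in a 21-year class such as HlthReg-107.
    record = StoredObject("record-1", date(2010, 3, 1), retention_years=21)
    trail = []
    for mode in ("compliance", "enterprise"):
        print(mode, decide_delete(record, mode, date(2020, 6, 1), privileged=True,
                                  reason="employee left", audit=trail))
    print(trail)
```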
© 2015, 2020 Hitachi Vantara LLC. All rights reserved.