When records are deleted, are provisions made to "shred", "backfill", or "overwrite" the record space on disk? Can the record still be recovered from disk?
The standard installation of Symantec DLP does not "backfill", "shred", "overwrite" or obfuscate records that have been deleted on disk in any way. After a record is deleted, the space it occupied eventually becomes available for reuse. New records can then be written to the space. From the database perspective, a record that has been both deleted and committed is gone.
If the space that a deleted record occupied is not reused, then the data is still present and can be accessed via non-database means, such as using an editor. TECH218827 addresses this in greater detail.
That this data is still available in no way means that it is recoverable and/or viable. Deleted data is to be considered lost and no effort will be made to recover it by means fair or foul.
Oracle provide database encryption methodology, but use of these Oracle features are specifically not supported by Symantec DLP Technical Support.
NOTE: The data itself is encrypted by the DLP application before it is sent to the database. So any attempt to manually inspect the data in the deleted records in the database would be useless without the encryption key from the Enforce server.
Imported Document ID: TECH220631
Subscribing will provide email updates when this Article is updated. Login is required.