Records retention in relational database systems

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Records retention in relational database systems

Full text

Pdf (421 KB)

Source

Conference on Information and Knowledge Management archive
Proceeding of the 17th ACM conference on Information and knowledge management table of contents

Napa Valley, California, USA

SESSION: DB: security and privacy table of contents

Pages 873-882

Year of Publication: 2008

ISBN:978-1-59593-991-3

Authors

Ahmed A. Ataullah	University of Waterloo, Waterloo, ON, Canada
Ashraf Aboulnaga	University of Waterloo, Waterloo, ON, Canada
Frank Wm. Tompa	University of Waterloo, David R. Cheriton School of Co, ON, Canada

Sponsors

ACM: Association for Computing Machinery
SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web
SIGIR: ACM Special Interest Group on Information Retrieval

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 17, Downloads (12 Months): 178, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1458082.1458197 What is a DOI?

ABSTRACT

The recent introduction of several pieces of legislation mandating minimum and maximum retention periods for corporate records has prompted the Enterprise Content Management (ECM) community to develop various records retention solutions. Records retention is a significant subfield of records management, and legal records retention requirements apply over corporate records regardless of their shape or form. Unfortunately, the scope of existing solutions has been largely limited to proper identification, classification and retention of documents, and not of data more generally.

In this paper we address the problem of managed records retention in the context of relational database systems. The problem is significantly more challenging than it is for documents for several reasons. Foremost, there is no clear definition of what constitutes a business record in relational databases; it could be an entire table, a tuple, part of a tuple, or parts of several tuples from multiple tables. There are also no standardized mechanisms for purging, anonymizing and protecting relational records. Functional dependencies, user defined constraints, and side effects caused by triggers make it even harder to guarantee that any given record will actually be protected when it needs to be protected or expunged when the necessary conditions are met. Most importantly, relational tuples may be organized such that one piece of data may be part of various legal records and subject to several (possibly conflicting) retention policies.

We address the above problems and present a complete solution for designing, managing, and enforcing records retention policies in relational database systems. We experimentally demonstrate that the proposed framework can guarantee compliance with a broad range of retention policies on an off-the-shelf system without incurring a significant performance overhead for policy monitoring and enforcement.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	United States Public Company Accounting Reform and Investor Protection Act of 2002 (Sarbanes-Oxley Act) (Pub.L. 107-204, 116 Stat. 745). August 2002.
	2	Rakesh Agrawal , Paul Bird , Tyrone Grandison , Jerry Kiernan , Scott Logan , Walid Rjaibi, Extending Relational Database Systems to Automatically Enforce Privacy Policies, Proceedings of the 21st International Conference on Data Engineering, p.1013-1022, April 05-08, 2005 [doi>10.1109/ICDE.2005.64]
	3	Rakesh Agrawal , Jerry Kiernan , Ramakrishnan Srikant , Yirong Xu, Hippocratic databases, Proceedings of the 28th international conference on Very Large Data Bases, p.143-154, August 20-23, 2002, Hong Kong, China
	4	Alexander Aiken , Jennifer Widom , Joseph M. Hellerstein, Behavior of database production rules: termination, confluence, and observable determinism, Proceedings of the 1992 ACM SIGMOD international conference on Management of data, p.59-68, June 02-05, 1992, San Diego, California, United States
	5	Ahmed Ataullah. A Framework for Records Management in Relational Database Management Systems. Master's thesis, University of Waterloo, Waterloo, Ontario, Canada, April 2008.
	6	Lars Bækgaard , Leo Mark, Incremental Computation of Time-Varying Query Expressions, IEEE Transactions on Knowledge and Data Engineering, v.7 n.4, p.583-590, August 1995 [doi>10.1109/69.404031]
	7	José A. Blakeley , Neil Coburn , Per-:1Vke Larson, Updating derived relations: detecting irrelevant and autonomously computable updates, ACM Transactions on Database Systems (TODS), v.14 n.3, p.369-400, Sept. 1989 [doi>10.1145/68012.68015]
	8	Stefano Ceri , Jennifer Widom, Deriving Production Rules for Incremental View Maintenance, Proceedings of the 17th International Conference on Very Large Data Bases, p.577-589, September 03-06, 1991
	9	Umeshwar Dayal , Philip A. Bernstein, On the updatability of relational views, Proceedings of the fourth international conference on Very Large Data Bases, p.368-377, September 13-15, 1978, West Berlin, Germany
	10	C. Elkan, A decision procedure for conjunctive query disjointness, Proceedings of the eighth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, p.134-139, March 1989, Philadelphia, Pennsylvania, United States [doi>10.1145/73721.73735]
	11	Hector Garcia-Molina , Wilburt Labio , Jun Yang, Expiring Data in a Warehouse, Proceedings of the 24rd International Conference on Very Large Data Bases, p.500-511, August 24-27, 1998
	12	Eric N. Hanson, Chris Carnes, Lan Huang, Mohan Konyala, Lloyd Noronha, Sashi Parthasarathy, J. B. Park, and Albert Vernon. Scalable trigger processing. In ICDE, 1999.
	13	Arthur M. Keller, Choosing a View Update Translator by Dialog at View Definition Time, Proceedings of the 12th International Conference on Very Large Data Bases, p.467-474, August 25-28, 1986
	14	Bill Lipner. The million-dollar backup tape. ComputerWorld Magazine, August 2006.
	15	Claudia Bauzer Medeiros and Frank Wm. Tompa. Understanding the implications of view update policies. Algorithmica, 1986.
	16	Marco C. Mont and Robert Thyne. A System to Handle Privacy Obligations in Enterprises. In Hewlett-Packard Internal Technical Report (HPL-2005-180), 2005.
	17	Feng Shao , Antal Novak , Jayavel Shanmugasundaram, Triggers over nested views of relational data, ACM Transactions on Database Systems (TODS), v.31 n.3, p.921-967, September 2006 [doi>10.1145/1166074.1166080]
	18	Patrick Stahlberg , Gerome Miklau , Brian Neil Levine, Threats to privacy in the forensic analysis of database systems, Proceedings of the 2007 ACM SIGMOD international conference on Management of data, June 11-14, 2007, Beijing, China [doi>10.1145/1247480.1247492]
	19	David Toman, Expiration of Historical Databases, Proceedings of the Eighth International Symposium on Temporal Representation and Reasoning (TIME'01), p.128, June 14-16, 2001