Data loss
Encyclopedia
Data loss is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing. Information systems implement backup
and disaster recovery
equipment and processes to prevent data loss or restore lost data.
Data loss is distinguished from data unavailability, such as may arise from a network outage. Although the two have substantially similar effects, data unavailability is temporary, while data loss may be permanent. Data loss is also distinct from data spill
, although the term data loss has been sometimes used in those incidents. Data loss incidents can, however, be also data spill incidents, in case media containing sensitive information is lost and subsequently acquired by another party. However, data spills are possible without the data being lost in the originating side.
Studies have consistently shown hardware failure and human error to be two most common causes of data loss, accounting for roughly three quarters of all incidents. A commonly overlooked cause is a natural disaster. Although the probability is small, the only way to recover from data loss due to a natural disaster is to store backup data in a physically separate location.
Consider:
, requiring the notification of data loss. This and other legislation has forced organizations to notify victims that their identity has potentially been compromised.
and RAID storage will only protect against certain types of software and hardware failure. Regular data backup
s are an important asset to have when trying to recover after a data loss event, but they don't do much to prevent user errors or system failures.
A well rounded approach to data protection has the best chance of avoiding data loss events. Such an approach will also include such mundane tasks as maintaining antivirus protection and network firewalls, as well as staying up to date with all published security fixes and system patches. User education is probably the most important, and most difficult, aspect of preventing data loss. Nothing else will prevent users from making mistakes that jeopardize data security
.
or cleanroom
procedures.
File system corruption can frequently be repaired by the user or the system administrator with the right software tools. A deleted file may not be overwritten on disk. It is more common for the operating system to simply delete its entry in the file system index. This can be easily reversed.
Successful recovery from a data loss generally requires an effective backup strategy. Without a backup strategy, recovery requires reinstallation of programs and regeneration of data. Even with an effective backup strategy, restoring a system to the precise state it was in prior to the Data Loss Event is extremely difficult. Some level of compromise between granularity of recoverability and cost is necessary. Furthermore, a Data Loss Event may not be immediately apparent. An effective backup
strategy must also consider the cost of maintaining the ability to recover lost data for long periods of time.
The most convenient backup system would have duplicate copies of every file and program that were immediately accessible whenever a Data Loss Event was noticed. However, in most situations, there is an inverse correlation between the value of a unit of data and the length of time it takes to notice the loss of that data. Taking this into consideration, many backup strategies decrease the granularity
of restorability as the time increases since the potential Data Loss Event. By this logic, recovery from recent Data Loss Events is easier and more complete than recovery from Data Loss Events that happened further in the past.
Recovery is also related to the type of Data Loss Event. Recovering a single lost file is going to be substantially different than recovering a whole system that was destroyed in a flood. An effective backup regimen will have some proportionality between the magnitude of Data Loss and the magnitude of effort required to recover. For example, it should be far easier to restore the single lost file than to recover the whole system destroyed in a flood.
The best and safest course of action would be that right upon realizing data loss, the computer must be safely shut down and the drive in question should be removed from the unit. After that, attach this drive to a secondary computer with a write blocker device and then proceed to perform data recovery either by the user himself or commercial data recovery services.
Backup
In information technology, a backup or the process of backing up is making copies of data which may be used to restore the original after a data loss event. The verb form is back up in two words, whereas the noun is backup....
and disaster recovery
Disaster recovery
Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity...
equipment and processes to prevent data loss or restore lost data.
Data loss is distinguished from data unavailability, such as may arise from a network outage. Although the two have substantially similar effects, data unavailability is temporary, while data loss may be permanent. Data loss is also distinct from data spill
Data spill
A data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill...
, although the term data loss has been sometimes used in those incidents. Data loss incidents can, however, be also data spill incidents, in case media containing sensitive information is lost and subsequently acquired by another party. However, data spills are possible without the data being lost in the originating side.
Types of data loss
- Intentional Action
- Intentional deletion of a file or program
- Unintentional Action
- Accidental deletion of a file or program
- Misplacement of CDs or Memory sticks
- Administration errors
- Inability to read unknown file format
- Failure
- Power failure, resulting in data in volatile memory not being saved to permanent memory.
- Hardware failure, such as a head crashHead crashA head crash is a hard-disk failure that occurs when a read–write head of a hard disk drive comes in contact with its rotating platter, resulting in permanent and usually irreparable damage to the magnetic media on the platter surface....
in a hard disk. - A software crashCrash (computing)A crash in computing is a condition where a computer or a program, either an application or part of the operating system, ceases to function properly, often exiting after encountering errors. Often the offending program may appear to freeze or hang until a crash reporting service documents...
or freeze, resulting in data not being saved. - Software bugs or poor usabilityUsabilityUsability is the ease of use and learnability of a human-made object. The object of use can be a software application, website, book, tool, machine, process, or anything a human interacts with. A usability study may be conducted as a primary job function by a usability analyst or as a secondary job...
, such as not confirming a file delete command. - Business failure (vendor bankruptcy), where data is stored with a software vendor using Software-as-a-service and SaaS data escrow has not been provisioned.
- Data corruptionData corruptionData corruption refers to errors in computer data that occur during writing, reading, storage, transmission, or processing, which introduce unintended changes to the original data...
, such as file system corruption or database corruption.
- Disaster
- Natural disasterNatural disasterA natural disaster is the effect of a natural hazard . It leads to financial, environmental or human losses...
, earthquakeEarthquakeAn earthquake is the result of a sudden release of energy in the Earth's crust that creates seismic waves. The seismicity, seismism or seismic activity of an area refers to the frequency, type and size of earthquakes experienced over a period of time...
, floodFloodA flood is an overflow of an expanse of water that submerges land. The EU Floods directive defines a flood as a temporary covering by water of land not normally covered by water...
, tornadoTornadoA tornado is a violent, dangerous, rotating column of air that is in contact with both the surface of the earth and a cumulonimbus cloud or, in rare cases, the base of a cumulus cloud. They are often referred to as a twister or a cyclone, although the word cyclone is used in meteorology in a wider...
, etc. - FireFireFire is the rapid oxidation of a material in the chemical process of combustion, releasing heat, light, and various reaction products. Slower oxidative processes like rusting or digestion are not included by this definition....
- Natural disaster
- Crime
- Theft, hacking, sabotage, etc.
- A malicious act, such as a wormComputer wormA computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
, virusComputer virusA computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
, hackerHacker (computer security)In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
or theft of physical media.
Studies have consistently shown hardware failure and human error to be two most common causes of data loss, accounting for roughly three quarters of all incidents. A commonly overlooked cause is a natural disaster. Although the probability is small, the only way to recover from data loss due to a natural disaster is to store backup data in a physically separate location.
Cost of data loss
The cost of a data loss event is directly related to the value of the data and the length of time that it is needed, but unavailable.Consider:
- The cost of continuing without the data
- The cost of recreating the data
- The cost of notifying users in the event of a compromise
Organizational responsibility
Recent statistics show the number of publicized data loss events involving sensitive data is on the rise, in part due to recent legislation, including the landmark California SB 1386SB 1386
SB1386, amending civil codes 1798.29, 1798.82 and 1798.84 is a California law regulating the privacy of personal information. The law was introduced by California State Senator Peace on February 12, 2002, and became operative July 1, 2003....
, requiring the notification of data loss. This and other legislation has forced organizations to notify victims that their identity has potentially been compromised.
Prevention
Data loss prevention can rarely be guaranteed. However, the frequency of data loss and the impact can be greatly mitigated by taking proper precautions. The different types of data loss demand different types of precautions. For example, multiple power circuits with battery backup and a generator will only protect against power failures. Similarly, using a journaling file systemJournaling file system
A journaling file system is a file system that keeps track of the changes that will be made in a journal before committing them to the main file system...
and RAID storage will only protect against certain types of software and hardware failure. Regular data backup
Backup
In information technology, a backup or the process of backing up is making copies of data which may be used to restore the original after a data loss event. The verb form is back up in two words, whereas the noun is backup....
s are an important asset to have when trying to recover after a data loss event, but they don't do much to prevent user errors or system failures.
A well rounded approach to data protection has the best chance of avoiding data loss events. Such an approach will also include such mundane tasks as maintaining antivirus protection and network firewalls, as well as staying up to date with all published security fixes and system patches. User education is probably the most important, and most difficult, aspect of preventing data loss. Nothing else will prevent users from making mistakes that jeopardize data security
Data security
Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. Data security is part of the larger practice of Information security.- Disk Encryption...
.
Data recovery
Data recovery is often performed by specialized commercial services that have developed, often proprietary, methods to recover data from physically damaged media. Service costs at data recovery labs are usually dependent on type of damage and type of storage medium, as well as the required securitySecure environment
In computing, a secure environment is any system which implements the controlled storage and use of information. In the event of computing data loss, a secure environment is used to protect personal and/or confidential data....
or cleanroom
Cleanroom
A cleanroom is an environment, typically used in manufacturing or scientific research, that has a low level of environmental pollutants such as dust, airborne microbes, aerosol particles and chemical vapors. More accurately, a cleanroom has a controlled level of contamination that is specified by...
procedures.
File system corruption can frequently be repaired by the user or the system administrator with the right software tools. A deleted file may not be overwritten on disk. It is more common for the operating system to simply delete its entry in the file system index. This can be easily reversed.
Successful recovery from a data loss generally requires an effective backup strategy. Without a backup strategy, recovery requires reinstallation of programs and regeneration of data. Even with an effective backup strategy, restoring a system to the precise state it was in prior to the Data Loss Event is extremely difficult. Some level of compromise between granularity of recoverability and cost is necessary. Furthermore, a Data Loss Event may not be immediately apparent. An effective backup
strategy must also consider the cost of maintaining the ability to recover lost data for long periods of time.
The most convenient backup system would have duplicate copies of every file and program that were immediately accessible whenever a Data Loss Event was noticed. However, in most situations, there is an inverse correlation between the value of a unit of data and the length of time it takes to notice the loss of that data. Taking this into consideration, many backup strategies decrease the granularity
of restorability as the time increases since the potential Data Loss Event. By this logic, recovery from recent Data Loss Events is easier and more complete than recovery from Data Loss Events that happened further in the past.
Recovery is also related to the type of Data Loss Event. Recovering a single lost file is going to be substantially different than recovering a whole system that was destroyed in a flood. An effective backup regimen will have some proportionality between the magnitude of Data Loss and the magnitude of effort required to recover. For example, it should be far easier to restore the single lost file than to recover the whole system destroyed in a flood.
Steps to be taken after data loss
Proper steps must always be taken in case of a data loss incident in order to preserve the recoverability of any lost data. First of all, all type of write operations should be avoided to the drive in question. This also includes starting up the computer. As, many OS including Windows, creates "temporary files" or "files required for booting" - those files may occupy and overwrite the area of the lost data and render it partially or completely unrecoverable. Needless to say, other write operations such as copying, deleting or altering the files should also be avoided.The best and safest course of action would be that right upon realizing data loss, the computer must be safely shut down and the drive in question should be removed from the unit. After that, attach this drive to a secondary computer with a write blocker device and then proceed to perform data recovery either by the user himself or commercial data recovery services.
See also
- Data spillData spillA data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill...
- Data truncationData truncationIn databases and computer networking data truncation occurs when data or a data stream is stored in a location too short to hold its entire length...
- List of data recovery software
External links
- Data Loss Database - Reporting on data leaks, worldwide
- What To Do Right After A Data Loss Incident | Bitlevel explains things you must know after data loss
- Data Loss Warning Signs | LC Technology International, Inc.
- "Data Loss and Hard Drive Failure: Understanding the Causes and Costs", also includes recovery tips
- "How To: Recover deleted files (for Mac and Windows)"- Detailed how to articles on recovering documents, data, and files.
- The sounds of data loss: Failing Hard Drive Sounds
- Find lost data after emptied the recycle bin