Because we do not use tape backups, but rely on full replication of our fileservers (see Home Directory and Data for more about this), deleting a user’s account is a somewhat more complex process. We cannot go to tape if research data needs to be recovered from several years ago. So, the policy below has to describe both access control as well as data retention timelines.
Account sponsors should arrange for important data to be transferred directly to them, or to a project area, before an account is closed. The data retention described below is for emergencies.
Account Closeout
Starting from the date employment ends:
- The account is locked immediately.
- If requested from the account holder, an email forward can be set up for six months.
- A grace period of six months may be requested to allow the account holder to finish up remaining work (for papers, etc.). During that time compute resources may only be used to finish up the remaining work. The grace period may be extended to a year by request.
- Six months after the account is locked, the Unix account record is deleted. The home directory will be moved to a private archive area for five years.
- The account sponsor should arrange to transfer important work from the leaving account before the account is actually closed.
- If the home directory is much larger than the default 100G, BCG and the account holder or the account sponsor will need to discuss ways of reducing the size.
- ZFS snapshots will not be preserved in the archived version of the home directory. It will only contain the data that existed at the time the account was closed.
- After five years, the home directory is deleted.
After the five years has passed, and the home directory is deleted, the data is unrecoverable.
The department uses Office 365, managed by DoIT, for email. That means email is not archived for this deletion process unless you specifically make an effort to store it locally in a project or home directory.