An interesting article describes the technology vendor HCL being asked by its client, Newsworld, to purge unwanted emails. That is fine in itself: there should be an archiving system that stores the emails or, more appropriately, the journals generated by the mail servers. In this case there was one, but HCL was also asked to ensure that the archives were purged.
It is in incidents like this that one needs to make sure the definition of immutable is understood. Perhaps no one understands it better than the SEC, which inked the guidance around archival of communications. For a while the 'gold' standard was actually putting the emails and their indexes on CD-ROMs (aka laser discs), so that one could be assured the operation was truly immutable. Of course, a CD-ROM can be displaced, but that would be a bit obvious.
With the adoption of spinning disk in data centers and the need to access the data readily, some of the vendors (all the major players like EMC, NetApp, HP) have provided some level of 'write once, read many' (WORM) capability that is baked in at the factory. Technically the vendor can do a hard reset, but the fact that it is an all-or-nothing deal, and that there is a vendor record of such an action, keeps most companies safe.
It seems that Newsworld did not employ those measures and that the level of immutability was an illusion. A setup in which a system administrator can choose to wipe the disks fails in that department, because the segregation of controls has to traverse organizational boundaries. That is a bit hard to assure when the employee can soon become an ex-employee if the media is not promptly erased.
It will be interesting to see whether this leads to further refinement in Europe around immutable storage and the level of controls necessary.










