Every organization needs backups, but sometimes you want backups to go away:

Suppose you have a policy where certain types of personal records, like health records, have to be destroyed after a year. It’s very difficult to just delete something, because it may be on backup tapes."

Radia Perlman concisely defines the problem, and she has a simple solution, too. Incidentally, she adds, "It should be a law that with any vendor you could say, ‘Do not keep a permanent copy of my information in your database. Delete it after one month.’ I don’t want that stored — my name and address and credit card number — because it can be broken into." Perlman’s solution, in a nutshell: Encrypt the data, then, when you no longer want it around, throw away the key.