HOST INTRO

Welcome back to the LTO Show and Part II of our End User series, entitled “It’s not all Backup”. Today we pick up again with Carl Watts, Storage Architect and IT Specialist with the Library of Congress, as he covers his principles for backup and data archive that include fresh perspectives on long-term content preservation.

Segment 1

1. Can’t we just “back up everything forever” and call that preservation?

If we just keep every backup forever, aren’t we basically covered for legal stuff and long-term preservation? Triple win, zero thought?

Answer:
No. That’s how you get sky-high storage bills, unsearchable junk, non-compliant retention, and angry regulators. Backups are optimized for recovery, not search, legal defensibility, or long-term usability. They lack consistent metadata, legal hold controls, and format strategies. You’ll spend a fortune mining backup sets during litigation while still failing basic regulatory requirements.

2. Give me the one-liner definitions before my coffee wears off.

Fine. In one line each: backup, statutory preservation, long-term preservation.

Answer:

Backup: Short-term, versioned safety copies of systems and data for operational recovery such as ransomware, hardware failure, or user error.

Statutory preservation: Legally required retention and immutability of specific records to meet laws and regulations and support e-discovery.

Long-term content preservation: Curated, documented, and managed storage of content so it stays complete, findable, and usable for decades.

3. Who owns each: IT, Legal, Compliance, or “whoever isn’t in the room”?

Which poor soul actually owns what?

Answer:

Backup is primarily IT and Infrastructure, with security input.

Statutory preservation is driven by Legal and Compliance, with IT implementing and operating.

Long-term preservation is often Records Management, Archives, or Knowledge Management, with IT providing the underlying platforms.

If all three are “owned by IT,” that usually means no one is truly accountable for compliance or historical value.

4. How do time horizons differ?

Isn’t everything basically “keep it till we’re scared to delete it”?

Answer:

Backup typically spans days to months, occasionally a year for certain copies.

Statutory preservation is defined by law or regulation and can range from 3 to 30+ years, often linked to events.

Long-term preservation spans decades to indefinite timeframes.

One system trying to handle 30 days and 50 years equally well is either lying or extremely expensive.

5. What’s the core question each function answers?

Backup asks: Can we get this system or data back to a known good state fast enough?

Statutory preservation asks: Can we prove what happened, when, and by whom in court or to a regulator?

Long-term preservation asks: Will someone still be able to find, open, trust, and interpret this in the future?

6. Where do RPO and RTO fit into this

Backup lives and dies by RPO and RTO.

Statutory preservation focuses more on integrity, authenticity, and availability when required.

Long-term preservation prioritizes durability and future readability over speed.

7. Are snapshots “backup”?

Snapshots are excellent for fast recovery but are often tied to the same hardware and not inherently immutable or off-site. They are not, by themselves, a complete backup strategy or archival preservation.

Segment 2

8. What storage technologies scream “backup,” not “archive”?

Think backup software with schedules and jobs, deduplicating backup appliances, virtual tape libraries, short-to-medium horizon object or disk targets, and cloud backup tiers focused on recoverable copies rather than curated content.

9. What does statutory preservation need that backup doesn’t?

Immutability or WORM controls.

Retention policies tied to regulations.

Audit trails for access and changes.

Legal hold workflows.

Proven chain of custody for evidence.

10. What makes long-term preservation different from just “cold storage”?

Long-term preservation includes rich metadata, format migration plans, fixity checks, redundant geographically separated copies, and clear selection rules. Cold storage without curation is just cheap hoarding.

11. Why is “keep every backup forever” a bad legal strategy?

Because you store mountains of irrelevant data, increase e-discovery risk, and struggle to prove defensible retention policies. Regulators prefer clear retention and destruction policies over endless backup piles.

Segment 3

12. Is immutable storage the magic bullet?

Immutable storage is necessary but not sufficient. You still need proper retention rules, legal hold processes, auditability, and event-based retention.

13. How do legal holds interact with retention schedules?

Legal holds pause normal retention clocks. Once resolved, retention resumes. Failing to manage holds creates compliance chaos.

14. Where do email and collaboration tools fit?

They can fall under backup, statutory preservation, or long-term preservation depending on context. The key is identifying which communications become formal records.

15. How does right to be forgotten interact with legal holds?

Legal or regulatory holds can override deletion temporarily. Otherwise, organizations may need to anonymize or delete data appropriately. Balance compliance and privacy carefully.

Segment 4

16. How often should we test everything?

Backup requires regular restore testing.

Statutory preservation requires verification of search and export capability.

Long-term preservation requires fixity checks, format readability checks, and disaster recovery exercises.

17. What metrics should be tracked?

Backup metrics include restore success rate and RPO/RTO adherence.

Statutory metrics include systems under policy and discovery response time.

Long-term preservation metrics include fixity checks, format migrations, and geographic redundancy.

18. Does moving to the cloud solve this?

No. Cloud changes location, not responsibility. You still owe regulators, courts, and history proper governance.

19. Can one platform do all three jobs?

You may share infrastructure, but one monolithic tool usually creates compromises. Aim for interoperable systems with distinct control layers.

Segment 5

20. How do we avoid paying three times for the same terabyte?

Use tiered storage with policy-driven placement. Separate logical functions from physical storage. Deduplicate backup independently from curated archives. Reuse infrastructure carefully with distinct retention controls.

21. What happens during a major migration?

Risk losing retention metadata, audit trails, checksums, and immutability guarantees. Treat catalogs and compliance metadata as first-class assets.

23. When should we intentionally delete data?

Delete when retention ends, legal holds lift, content lacks value, or risk outweighs benefit. Disciplined deletion is good governance.

24. Where does AI search and summarization fit?

AI works best with organized, well-described, access-controlled content. AI enhances good preservation but does not fix poor storage practices.

25. Worst-case scenario if we ignore statutory preservation?

Regulatory fines, adverse court inferences, forced compliance oversight, and possible personal liability.

26. Worst-case scenario if we ignore long-term preservation?

Loss of strategic decisions, product history, institutional knowledge, and cultural assets.

Final Segment

28. First three executive actions

Demand a clear map of current systems and ownership.

Assign named accountability for each function.

Define minimum acceptable posture and fund accordingly.

Revisit annually.

29. Governance structure

Establish a single cross-functional governance group including IT, Security, Legal, Records, and key business units. Provide authority to enforce compliance before major purchases.

For leadership, this comes down to three decisions:

Who owns each function.

What is the minimum acceptable posture.

What gets funded first.

HOST OUTRO

Carl Watts just gave us a masterclass in rethinking how we approach data protection—and it’s not all backup.

Backup, statutory preservation, and long-term content preservation are three fundamentally different beasts with different goals, owners, and technologies. Treating them as the same thing leads to high costs, compliance failures, and lost institutional memory.

Backup answers “Can we recover fast?”

Statutory preservation answers “Can we prove it in court?”

Long-term preservation answers “Will this still be usable in 30 years?”

This is strategic thinking every CIO, General Counsel, and Records Manager needs to hear.

Thanks for joining us on The LTO Show. Subscribe wherever you get your podcasts. I’m Pete Paisley, and remember: It’s not all backup—and understanding the difference could save your organization millions while protecting what truly matters.