Data at rest includes but is not limited to archived data, data which is not accessed or changed frequently, files stored on hard drives, USB thumb drives, files stored on backup tape and disks, and also files stored off-site or on a storage area network (SAN).[4]
Mobile devices are often subject to specific security protocols to protect data at rest from unauthorized access when lost or stolen,[7] and there is an increasing recognition that database management systems and file servers should also be considered as at risk;[8] the longer data is left unused in storage, the more likely it might be retrieved by unauthorized individuals outside the network.
Periodic auditing of sensitive data should be part of policy and should take place on a regular schedule.
Tokens require significantly fewer computational resources to process and less storage space in databases than traditionally encrypted data.
This is achieved by keeping specific data fully or partially visible for processing and analytics while sensitive information is kept hidden.
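Added example, not from the original page: a vault-based tokenizer in Python that keeps the last four digits of a card number visible for processing and analytics while replacing the rest with random digits. The `TokenVault` class, the `suffix_counts` helper and the sample numbers are assumptions made for illustration.

```python
import secrets
from collections import Counter


class TokenVault:
    """Hypothetical in-memory vault; a real one is a hardened, access-controlled store."""

    def __init__(self, keep_last=4):
        self.keep_last = keep_last
        self._by_token = {}  # token -> original value
        self._by_value = {}  # original value -> token, so repeats map to one token

    def tokenize(self, pan):
        if not (pan.isascii() and pan.isdigit()) or len(pan) <= self.keep_last:
            raise ValueError("expected ASCII digits longer than the visible suffix")
        if pan in self._by_value:
            return self._by_value[pan]
        hidden = len(pan) - self.keep_last
        while True:
            # Random digits are not derived from the original value in any way.
            body = "".join(secrets.choice("0123456789") for _ in range(hidden))
            token = body + pan[hidden:]
            # Retry on a collision with an existing token or with the input itself.
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = pan
        self._by_value[pan] = token
        return token

    def detokenize(self, token):
        # Only callers with vault access can recover the original.
        return self._by_token[token]


def suffix_counts(tokens, keep_last=4):
    """Analytics on tokens alone: count records per visible suffix."""
    return Counter(t[len(t) - keep_last:] for t in tokens)


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample card numbers (test values, not real accounts).
    sample = ["4111111111111111", "5500005555555559", "4111111111111111"]
    tokens = [vault.tokenize(p) for p in sample]
    print(tokens, suffix_counts(tokens))
```

The database holding the tokens never stores the hidden digits; the mapping back to the original lives only in the vault, which is the component that needs the strongest protection.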
Under the terms of the USA PATRIOT Act,[12] the American authorities can demand access to all data physically stored within the country's boundaries, even if it includes personal information on European citizens with no connections to the US.
A data federation policy which retains personal citizen information with no foreign connections within its country of origin (separate from information which is either not personal or is relevant to off-shore authorities) is one option to address this concern.
However, data stored in foreign countries can be accessed using legislation in the CLOUD Act.