An improved information retention management mechanism is disclosed wherein an
information set may be purged from an information system without having to delete
the information set from the system. Whenever an information set enters an information
system, a key is associated with the information set. The information set is encrypted
using the associated key, and the encrypted form of the information set is stored
in the information system. The unencrypted form of the information set is not stored.
To render the information set to a user, the encrypted form of the information
set is accessed along with the associated key, and then decrypted using the associated
key to derive the original information set. Once derived, the information set is
rendered to the user. So long as the associated key remains in the system, this
process may be carried out to render the information set to a user. At some point,
in accordance with an information retention policy, the information set is selected
for purging. To purge the information set, all that needs to be done is to delete
the associated key. By deleting the associated key, all copies of the encrypted
information set stored within the information system are made unrenderable; as
a result, the information set is effectively "purged" from the system. This purging
is achieved without having to delete the encrypted information set from the system.
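
The mechanism described above, as an added Go example that is not part of the original disclosure. AES-256-GCM is an assumed cipher choice (the text names none), and `KeyStore`, `Ingest`, `Render` and `Purge` are hypothetical names, with an in-memory map standing in for the system's key manager.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KeyStore stands in for the key manager (assumption): one AES-256 key per information set.
type KeyStore map[string][]byte

// gcm builds the AEAD for id; it fails once the associated key has been deleted.
func (ks KeyStore) gcm(id string) (cipher.AEAD, error) {
	key, ok := ks[id]
	if !ok {
		return nil, errors.New("no key for " + id + ": information set is unrenderable")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Ingest associates a fresh key with id and returns nonce||ciphertext, the only form stored.
func (ks KeyStore) Ingest(id string, plaintext []byte) ([]byte, error) {
	buf := make([]byte, 32+12) // random key followed by a random GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	ks[id] = buf[:32:32]
	aead, err := ks.gcm(id)
	if err != nil {
		return nil, err
	}
	return aead.Seal(buf[32:], buf[32:], plaintext, nil), nil
}

// Render decrypts any copy of the stored blob; this works only while the key exists.
func (ks KeyStore) Render(id string, blob []byte) ([]byte, error) {
	aead, err := ks.gcm(id)
	if err != nil || len(blob) < 12 {
		return nil, errors.Join(err, errors.New("blob cannot be rendered"))
	}
	return aead.Open(nil, blob[:12], blob[12:], nil)
}

// Purge deletes only the key; every ciphertext copy is left in place.
func (ks KeyStore) Purge(id string) { delete(ks, id) }
```

The purge is only as complete as the key deletion: any backup, cache or export of the key has to be destroyed as well, or the stored ciphertext stays renderable.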