Nice idea, shame it's impossible?

Even if you've got "secure delete" in one location, someone else in some other location won't have it. Either this "secure delete" is going to have to be so pervasive it's impossible to manage/use or it's going to be no good what so ever.

It could be thwarted by something as simple as a tape backup that fired off while your data wasn't deleted. Tape goes off site for security, how do you delete from it now?

Maybe you've deleted it from the server securely and all the offsite tape backups, archive logs, caches, etc. have been flushed but you didn't realise that because it was in an email there is now a copy in your internet cache directory locally...

Is this "server side" secure delete function going to have the power to clean files off client PCs, even when they've only connected briefly to retrieve their email and are now off the network?

Maybe you've securely deleted every "official copy", but someone was snooping the network when you saved the file and saved the snoop output somewhere for problem analysis.

Perhaps a mirrored disk failed after data went on, was replaced, then the secure delete happened. That disk still contains your data and for the price of a good disk recovery service will be perfectly visible. OK so it will probably be destroyed but at the instant that you press delete thinking it's deleted everywhere, it isn't. There is a window of opportunity that could be exploited.

Basically, if you type something into a computer you should expect it to be retrievable by someone at some stage. It may well be beyond the "hassle horizon" for you to do it if you loose a file, but if there are £millions at stake, then suddenly the "hassle horizon" is a lot further away.

Max