If the contract with the government requieres to destroy the data storage device containing sensitve data, it is a known fact before the contract is signed.
In this case you need a different concept for your daily work with this data and how to perform backups:
- Don't store in on a SAN
- Take into account, that you need to destroy your backup, too.
- Recalculate your contract "cost" if you need to replace hardware at the end of the contract.
- Place this "cost of contract" as a new position in your offer, because your customer has to pay compensation - if it is part of the contract, of course.
- Btw. if a harddrive is defect, it has to be destroyed completly by an authorized/certified organization. Don't just throw it away.
Encryption is no option if you work with government/Navy/...