Running a 2 year old copy of OpenBSD still safe (unless you make it otherwise). Your Linux ISO from 2 weeks ago is already vulnerable.
Is my old data on a cloud based system considered abandoned if I continue to actively use the system but don't touch some items?
This is one of the problems the ISPs want clarified; the law doesn't specify if the whole account has to be inactive, or just certain items. The law has many other problems because of changes in modern technology.
"It says he made us all to be just like him. So if we're dumb, then god is dumb, and maybe even a little ugly on the side." -- Frank Zappa