Ghosts in your machine. Data pipelines continue executing after their creators leave and their business purpose expires. They process customer information, join sensitive tables, and create data lineage that cannot be traced. These abandoned pipelines create compliance risks that compound until they are discovered during audits or breach investigations.

These abandoned pipelines function as ticking compliance time bombs.

You can know GDPR and CCPA by heart, but that knowledge becomes useless when a regulator points to a pipeline and asks: “Why does this exist, what data does it process, and who is responsible for it?” A blank stare means you’ve already lost.

This is where theoretical privacy training fails. Knowing regulations doesn’t equal proving compliance. You need systematic control over every pipeline touching sensitive data, including the ones nobody remembers creating.

Hey there! Welcome to The Data Letter 👋🏿 👋🏿👋🏿

I’m Hodman Murad, and I help data teams build reliable, scalable systems.

When Zombies Create Your Worst Nightmare

Zombie DAGs create three specific compliance failures:

Incomplete data lineage. GDPR audits require tracing customer data through every system. When lineage tools point to pipelines in deprecated frameworks with no maintainers, you cannot complete the audit. Regulators interpret the inability to trace data as a lack of control.

Unknown access patterns. After credential leaks, security teams need an immediate inventory of what was accessed in compromised databases. Service accounts tied to forgotten pipelines show regular queries with no documented purpose. You have 72 hours to report the breach scope, but you cannot explain what data was exposed.

Failed deletion requests. Standard deletion scripts handle documented pipelines. Undocumented pipelines continue processing, causing deleted customer data to reappear weeks later in downstream tables. A single failed deletion request creates a regulatory violation.

These failures happen during audits and security incidents, not during route operations.

Why Manual Efforts Fail

Running a report on old pipelines and starting cleanup seems straightforward. This approach fails for three reasons.

Political paralysis. Without a formal process, investigating a zombie becomes an organizational nightmare. Teams point fingers. No one accepts ownership for pipelines they didn’t create. Investigation stalls while everyone waits for someone else to take responsibility.

Business logic blackout. You can read code, but can’t determine intent. Decommissioning a pipeline that seems useless, only to break a critical executive dashboard six months later, becomes career-limiting. Fear of unknown dependencies keeps zombies alive indefinitely.

Systemic repetition. Changing one zombie without a system fix proves pointless. Two more emerge next quarter because the root cause (the lack of a data lifecycle policy) remains unaddressed. You’re playing whack-a-mole with compliance risk.

You need more than a suspect list. You need a formal investigation process, a decision framework, and an execution playbook. All within a system that protects business continuity while eliminating risk.

Here’s what you’re getting: a working system for hunting down and killing zombie DAGs before they kill your compliance posture. The playbook for finding them, deciding their fate, and making sure new ones don’t spawn.