There are many different factors to consider when storing data within a business. You’ll need to make sure that you have a thorough backup plan in place. You’ll need to maintain high levels of security and encryption. You’ll also need to monitor capacity levels and keep costs low. But have you thought about the legality behind data storage?
Businesses worldwide are bound to obey laws that cover data storage, but the specifics will vary by country. This article aims to provide a general overview of what the laws are, but do remember that they could vary for your specific location, so ensure you are confident of your local laws before acting.
According to research carried out by Dell, nearly half of British companies reckon that their IT expenditure has increased over the previous two years simply due to legislation compliance. It was reported that, on average, over one-tenth of the technology budget for the year is spent on complying with law. A quarter of those surveyed believed that budget allocation to be detrimental to other areas of their business.
Complying with law might require allocating some of the budget to the cause, but what sort of laws affect business data storage?
It is a requirement of the US Sarbanes-Oxley Act of 2002 that companies who trade publicly on the stock exchange (or who intend to), accountants and attorneys all hold their electronic business records for a minimum of five years. Additionally, following audit, financial data must be retained for seven years. This raises the importance of secure data archiving. This data might not be required internally and may never be accessed again, but if the government comes knocking then the files need to be produced.
The law also extends to how businesses store the personal data of their customers: not only how the data is stored, but how it is protected. The Data Retention Regulations 2009 in the UK outline broadly that the data must be “subject to appropriate technical and organisational measures to protect the data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful storage, processing, access or disclosure”.
Computer Weekly recommends that a three-step approach be followed when it comes to legally storing data. First, all data must be stored to meet legal, industry and governmental requirements. Secondly, this should be implemented using the best technical solutions available, such as encryption, data masking and a controlled ecosystem. Finally, all users must be trained in best practice with regard to data storage.
Although there is a lot of legislation to follow that is beyond the scope of this article, it must be remembered that legislation has been created not only to protect the consumer, but also to protect the company. Ensuring data storage processes are secure will avoid consumer fallout and may also lead to an improved brand image. It will also help operational efficiency: data can be stored systematically, which allows for better archiving and storage in general.
Storing Your Business Data in Compliance with Law