printer friendly version

Complying with data storage and retention laws - it makes good business sense

As the world becomes increasingly digitalised, organisations are storing more and more data electronically, much of which is mission critical and essential to running their business. The integral nature of this data to the business world, as well as events such as the Enron debacle, led governments around the world to begin passing various pieces of legislation around the protection of electronically stored information.

Compliance with legislation in this regard has forced organisations around the world to examine their data policies and adopt new guidelines for the retention, processing and destruction of electronic records and communication. One of the most notable regulations not only for the United States where this law was passed but for organisations around the world, particularly those is the financial sector, was Sarbanes-Oxley, or SOX.

Since the introduction of this regulation there have been many others from various countries, all of which affect multinational corporations or any business which has dealings with these countries. South Africa is no exception, and the most notable piece of law in this regard is the Electronic Communications and Transactions (ECT) Act which came into effect in August 2002 and is aimed at creating a legal framework for governing electronic documentation and transactions. The South African Revenue Service (SARS) also requires that companies keep documentation for a minimum of five years for tax purposes, and the Johannesburg Stock Exchange (JSE) has its own regulations around data retention that listed companies need to comply with.

With all of these regulations that must be adhered to at the risk of strict financial and business penalties, compliance has become not so much a matter of sticking to the letter of the law, but more about business continuity, which after all was the reason behind these laws being imposed worldwide in the first place. However these laws have also meant that requirements for data storage have increased dramatically, as in many cases, for instance the legal profession, they require all electronic documentation and communications to be kept, even junk e-mails and spam. The financial sector also has very strict guidelines as to what information must be kept and for how long, and these regulations mean that the required amount of storage continues to increase along with the volumes of electronic data.

One of the major issues that impacts data storage is having the incorrect software for backups, which results in duplicate copies of the same documents and communications being stored, wasting space and as a result costing money that need not be spent on excessive storage capacity. By introducing software with de-duplication technology, organisations can ensure that only one copy of electronic data will be stored, reducing space requirements dramatically.

The reality is that more laws governing electronic data are in the pipeline, and businesses need to be able to keep their information securely in order to comply. However this does not mean that data retention needs to cost the earth, as a smart strategy around backup and retention can not only aid in compliance but can safeguard the continuity of the business by ensuring that mission critical data is always available for recovery should a crisis occur.

Storage is however not a ‘one size fits all’ technology, and there are various solutions available, including disk storage, tape storage and even cloud storage technology, with both on-site and off-site options available.

Which solution is best for any particular organisation depends on the size and needs of the business, so it is advisable to deal with a backup and security expert who can help to ensure that the solutions that are put into place will meet the needs of today and into the future.

Storage, backup and recovery should form part of strategic business planning to ensure that current and future needs can be met, that businesses comply with all of the regulations related to their industry and business dealings, and that the correct software is in place to optimise the effectiveness of storage solutions and minimise the impact to the bottom line while still remaining effective and ensuring business continuity. It just makes good business sense.

Fred Mitchell, Symantec Division manager at Drive Control Corporation

Share this article:

Further reading: