Since many businesses store almost all of their records as electronic data, it is important to recognise that good record keeping practises apply to both physical and virtual storage solutions. There are also legal issues surrounding the storage and use of data which, if contravened, could have serious consequences. Some businesses may already unwittingly be implementing illegal data storage strategies in a quest for efficiency, resulting in data being erased prematurely. This is a notable issue in the current pressured climate. Conversely, others may be breaking the law by retaining data long after the legally designated period.
In a recent article for computing.co.uk, Rosemary Jay outlined the legislative time margins affecting data storage strategies.
There are five principal pieces of legislation which must be accommodated in the data storage strategies of any business. The rules they embody and which many data storage strategies may break relate primarily to data retention. Firstly the Companies Acts of 1985 and 2006 dictate the time period over which records relating to the financial and accounting aspects of a business should be retained. Also included in these requirements are additional types of data including information on shares, shareholders and transactions. This legislation essentially necessitates the perpetual storage of and accessibility to files of this type. Any data storage strategy which does not adhere to the guidelines is technically illegal.
The 1998 Data Protection Act (DPA) is of more concern to businesses that deal with data relating to identifiable individuals. Though the act does not give a specific deadline, it does require that personal data should only be retained by a business or organisation for as long as is necessary. There are guidelines which identify ideal time limits for specific storage scenarios. The DPA ensures that personal information is not available for inordinate periods of time. As a result lethargic data storage strategies which retain data long after it has outlived its usefulness are breaking these important privacy protection laws.
Companies and organisations are also required by law to safeguard all types of data for which they hold responsibility. As a result the security measures that businesses instigate and the data storage strategies they operate should be taken very seriously indeed.