A new challenge: keeping data safe but accessible

Published at Dell Tech Page One  By Michael O’Dwyer

As SMBs assess their approach to data storage, they must consider their legal obligations

Storing key information is no longer a simple task for businesses. These days, lawyers play almost as big a role as IT departments.

That’s because companies now must keep data secure and protect client privacy as well as ensure that information is accessible to regulators and outside litigators.

Complicating matters is the proliferation of devices — workstations, smartphones and tablets — all of which must be searchable for any e-discovery requests.

The same is true for social media as well as real-time communication such as text chats or VoIP, which are subject to US wiretap laws.Big data, third-party cloud services and remote workers just add to the challenge, since all data must be categorized for effective and selective retrieval when needed.

As a result, IT administrators can no longer make their own storage assessments without considering a company’s legal obligations. 

 Charles A. Krugel

HR attorney and counselor, Charles A. Krugel believes that even when a company wins an e-discovery case, the loss of time, productivity and related media exposure results in a Pyrrhic victory, with little cause for celebration.

Planning a strategy

Planning for the storage and archiving of data requires careful analysis. Companies that ignore it or assign it a low priority will ultimately pay the price as e-discovery and data-privacy legislation evolves.

Hardware selection becomes more about a scalable system that allows prompt retrieval of data than simply adding storage as needed. Some companies, for example, currently segregate documents, email and raw data from databases.

Shneur Garb, co-founder and lead engineer at the Garb Consulting Group LLC, a Teaneck, NJ-based provider of managed services for SMBs, believes that companies should focus on critical data that would interrupt business if lost.

Staff training materials, for example, should be of secondary importance.

“Companies may have training videos, pictures of locations and other large files that may not need to be saved offline,” Garb says. “What is the most mission critical data that [would directly impact the company when lost]?”

He also recommends real-time email backups for all staff, with the added warning that users should not delete emails to reduce their mailbox size, given that any email could be requested under e-discovery.

Steve Burgess, president of Burgess Consulting & Forensics, a Santa Maria, CA-based provider of forensic, data recovery and expert witness services, believes that companies need to determine their storage needs in advance of hardware purchase.

For instance, hardware backups are essential and should be normal practice.

“In general, at an enterprise level, a central copy of data…should be kept updated in real-time,” Burgess says. “Even so, a local backup should be kept, which should include grandfathered backups (a third backup) kept off-site.”

Verifying data integrity by restoring from backups is an important activity and should be scheduled on a regular basis, adds Garb.

Legal considerations

Charles A. Krugel, a human resources attorney and counselor, focusing on labor and employment law, believes “there is no one-size-fits-all” answer to how employers deal with electronic storage, data retention, privacy and ownership of content or equipment.

The law varies based on who owns the equipment and the bandwidth being used, as well as whether active steps are taken to protect information (e.g., encryption, passwords, varying levels of access).

However, companies that don’t take active measures to protect or regulate data, equipment and content are vulnerable to litigation and regulatory agencies.