More on stored data
The more I looked into the regulations and jurisdiction of hosted data, the more confusing it became. There are a host of security regulations, PCI DSS for credit card information and HIPAA for health care to name a few, but only a few that govern who can have access to your data. The Patriot Act allows the government access, and there are some state regulations and the Federal Rules of Civil Procedure (FRCP). According to an article written by Kelley Damore in the April issue of CRN, the FRCP defines electronic documents as discoverable: documents must be provided in response to lawsuits or IRS actions, for example. So what can you do as a business using a hosted solution to protect your data, or at least be notified if there is a request for your data? Here are some steps you can take:
- Get the specific locations where your data is stored
- Encrypt your data
- Ensure you have the only key to decrypt the data
- Confirm that the host provider has a policy to notify you if there is a request for your data
- If you must provide the data, ensure that only you can download the data
What I’ve learned is that this is a complex issue, and as a result we are hiring a data security firm with specific expertise in data security issues.