You can have a great plan for data recovery but, if nobody follows it, it is useless. The GDPR is about to increase your personal accountability for protecting data. This fifth post on how executives should think about backup and recovery, helps you prepare for people being unpredictable.
Rule-breaking leads to trouble. We’ve had firms ask us to help with crises like these:
- Laboratory rebuilding of damaged drives because there was no backup.
- Trace, and remotely download, data from stolen devices that were the sole repository of client data.
- Run data searches to find crucial lost or deleted data, sometimes data that was needed for regulatory reasons or court cases.
- Assist with accidental and malicious data deletion by internal staff.
Tell people the good and bad ways to handle data. Explain they need to be careful because it’s the right thing to do and it’s the law. The rules are there for a good reason, even though they may make working life more difficult.
Be prepared to go over your rules more than once. Most people will pay lip service at first.
Senior execs believe the rules aren’t for them even though their work is often the most confidential and they are prized targets. Fee earners working long hours in multiple places think your rules are impractical and obstructive, but they handle client data.
These are the rules to make clear to others and include in your policies:
- Save to your main storage. Not all locations are backed up. They shouldn’t save to a place that makes sense to them but which isn’t backed up.
- What temporary storage, if any, is allowed. People save to all sorts of temporary locations: their personal email, DropBox, USB sticks, etc. Often these files never make it back to main storage and you don’t have the latest versions.
- What deletion is allowed. Well intentioned, conscientious staff can create problems doing “housekeeping”. This happens most frequently with email. Often considered “temporary data” it can hold vitally important attachments and communications. These are lost when mailboxes are “tidied up”, or deleted when staff leave.
- Many smaller firms still manually swap backup drives to get them off-site. People with that job must understand that breaking the schedule is incredibly bad for recovering data.
This post helps you get clearly communicated rules in place to protect you. If you have questions or need further guidance, call or email me (020 7572 0000, firstname.lastname@example.org).