Legislation like Sarbanes-Oxley and HIPAA have mandated that companies and organizations, and those who lead them, take responsibility for protecting vital business documents, medical records and digital media.
In an article by attorney Robert P. Bigelow, he makes the case for why management should pay attention and take a proactive role in protecting vital records:
Any organization which fails to institute appropriate security measures can expose not only the organization but its board of directors individually and personally to substantial liability, which can be imposed by contract and or by law. The board of directors of a corporation has a fiduciary responsibility to the stockholders to protect the assets of the company. Failure to establish and maintain a reasonable security program is a breach of that fiduciary duty; in case of substantial loss, the members of the board may be personally liable to stockholders whose stock has been devalued. The corporation may also be liable to others, either contractually or under the doctrines of tort law (a civil wrong for which the law imposes liability).
Management, whether it realizes it or not, is responsible for the security of the organization’s information system. Sometimes this responsibility is contractual, sometimes it is created by law, and sometimes it will be imposed by the courts. If top management does not act to establish and maintain adequate data security procedures, the organization could be liable for substantial damages . . . and those damages may be collectible from the managers personally!
The operation of a business requires organization and focus, including implementation of effective archiving protocols and procedures.
At Perpetual Storage we help clients manage their long-term storage by providing courier service that routinely picks up electronic data for storage. Having this pick-up schedule in place creates a consistent, reliable schedule for backing up data, and it forces employees to prepare back-ups and not procrastinate.