In this day and age, the amount of electronic data that gets transferred and stored grows exponentially, especially for businesses such as accounting firms and law firms.
It is unsurprising that services that provide inexpensive and easy-to-use off-shore data storage or “cloud computing” are becoming increasingly desirable data storage options for businesses. These services often offer third-party hosting of electronic data and/or software that assist in transferring and storing data from businesses to third-party storage facilities.
However, these services are not foolproof and are susceptible to a number of different issues. So before you consider relying on cloud computing as a method of storing your electronic data, you may wish to consider the following:
- Risk and quality management strategies – whether electronic data is stored in-house or off-site, there are the ever present risks of security compromises and data loss. However, when data is stored off-site, it becomes outside your control as to how such risks are managed by the third party service. You should be satisfied that the data service has satisfactory risk and quality management strategies in place to account for potential security issues and that all of your data are backed-up regularly.
- Jurisdictional issues – off-site data storage servers may not be located in the same state or country in which you operate. If the servers on which your data are stored are physically located in another country, there may be laws and rules that govern how the data may be used or retrieved in such a country, of which you may not be familiar. If you are intending to store electronic data off-site, especially if it is sensitive client data, you may consider engaging a service within your jurisdiction.
- IP Protection – the protection of your business’ intellectual property in your data stored off-site should be a critical consideration. In additional to the potential jurisdictional issues relating to IP if the data is stored off-shore, consideration should be given to the service provider’s policies in relation to how they handle your firm’s IP in your data stored on their servers.
- Confidentiality – often times, very sensitive and important client data and information are kept as electronic data. You should consider whether such data should be stored in-house or off-shore and if the latter, you may wish to discuss it with your client before doing so.
Before engaging an off-site storage service, you should perform the necessary vendor due diligence to pick a service provider that is suitable for your business model and that can meet your quality, operational and financial expectations.
If you have any queries, please contact your local MSI advisor.