What happens when files you’ve deleted suddenly come back? Usually it’s no big deal – just delete them again. But sometimes it’s a very big deal. Some of you may have noticed a few changes to your Dropbox account today – files you deleted as far back as 2009 have been reanimated and have reappeared in your file system, to the dismay of many.
This seems to have been a bug in Dropbox’s system, and fortunately not a data breach, which will make it easier for Dropbox to solve. For users, however, this is a potential liability, and should raise serious concerns about how Dropbox is managing their private data.
I’m a big proponent of cloud services and they’re pretty mainstream in business these days. But not all cloud services are created equal and it’s still important to do proper due diligence in selecting a cloud-based solution – whether for private use or for your company. Different cloud providers have different ways they handle customer data, and as such, a good rule of thumb is to ask the probing questions to ensure you have all the facts: do you know how a cloud storage or sync provider actually manages your data? Who at the cloud vendor’s site has access to your information? What kind of security processes do they support?
In some cases, a cloud service may not meet your needs, or you may want to be in full control of how data is stored and accessed. In these cases, an on-premises solution is a better fit. Consider what’s best for your specific situation.
For organizations in the legal, financial services, and healthcare spaces, there’s the concept of retention; certain information, files, records, and other data must be maintained and retained for a certain period of time — 2 to 3 years, or even 7 years and longer. Some of this is driven by statute and regulation, but it could also simply be company policy. In many cases, the requirement for data retention is not defined as “at least three years” but “exactly three years.” At three years and one day, that data should be destroyed, purged, and gone for good. Why? Well, one example is for privacy and protection: The Children’s Online Privacy Protection Act (COPPA), U.S.C. §§ 6501-6506, specifies that information about children under the age of 13 should not be retained any longer than necessary. This record destruction policy is intended to protect confidential information.
The reasons for destruction are many – whether it’s corporate policy, best practice, or regulatory requirement – but thinking you’ve done your job of deletion, only to have the deleted material reappear, can expose you to liabilities that will give your compliance officer grief. Or maybe you just don’t want that embarrassing high school photo to come back and haunt you.
Biscom’s Secure File Transfer is offered both as an on-premises solution and as a cloud solution, and both support retention features that can be set on a global level or at the individual user level. This helps ensure your files are handled properly and comply with your corporate retention policies.
Whatever the case, the best way to mitigate this liability risk is to do the research, ask the questions, and make an informed decision to cover your bases. Your compliance officer will thank you.