Data Recovery Planning Being Neglected

By Greg McNevin

November 21, 2007: According to a new survey by Kroll Ontrack, many companies are neglecting data recovery when formulating their compliance policies and opening themselves up to unnecessary risk.

In an e-mail survey of 100 users, the company found that despite 78 percent of respondents believing that data recovery is the most important component of a compliance plan, only 50 percent say it is part of their company’s compliance policy.

Ontrack says regulations such as SOX, HIPAA, PCI, FACTA and more demand that companies take responsibility to protect data and make significant attempts to retrieve data that has become compromised or lost. Consequences of non-compliance can be severe, potentially resulting in financial penalties, reduced stock value, loss of customer confidence and lost sales revenue.

That said, Ontrack was surprised to discover that 46 percent of respondents said they were not sure if their company even had a general policy to comply with the applicable regulations.

Furthermore, nearly half of respondents (43 percent) said they don’t believe their companies test their backup systems to ensure data can be produced if needed.

“While data recovery is becoming increasingly synonymous with disaster recovery plans, this survey reveals that data recovery has not yet been deemed a critical component of all compliance policies,” said Jim Reinert, vice president of data recovery and software products for Kroll Ontrack.

“Given the vast number of information-oriented regulations that have been enacted, companies should ensure a preferred data recovery provider is part of their compliance plan in case a data loss situation ever ensues. The risk of neglecting to do so is too high.”

Comment on this story