Off-site records storage vendors not making the grade

Most businesses today do a reasonably good job of securing sensitive information on their servers.  Specifically, personally identifiable information of consumers is finally receiving the attention it deserves – at least by most companies.  Businesses are taking their responsibility as stewards of the information entrusted to them more seriously.  Given the foregoing, it is amazing how few companies think about data security when they entrust their records to a third party vendor for off-site, long-term storage.

Those attempting to address this issue will find a sharp disconnect between the approaches off-site storage vendors take in their agreements regarding security and the rest of the world.

That is, some storage vendors seem to have missed the last several years of laws, regulations, and headlines regarding just how important data security really is.  Some of these vendors offer little more protection in their agreements than one would receive at a monthly container rental facility alongside the interstate.  Something needs to be done.

Businesses need to look more closely at their off-site storage vendors, conduct appropriate due diligence, and require specific language in their agreements regarding the vendor’s obligations concerning information security.  To stay competitive, storage vendors are going to have to step-up to the plate on security issues, including being able to furnish their customers with written evidence of their security procedures and the results of recent security audits.