This article outlines our official company policies on a range of data handling issues, and explains them in plain English.
TL;DR summary
Your data is your data. That’s one of the underlying principles of how we do business.
With all our software products (BackupAssist Classic, BackupAssist ER and BackupAssist 365) we offer clear and careful data handling:
Privacy |
|
Sovereignty |
|
Accessibility |
|
Anonymity |
|
Trust |
|
In other articles, we’ll explore how our products achieve these characteristics. You can find these articles here:
This article provides the reasons why we take this approach, and also provides a primer for system administrators looking to fully understand these important issues.
Careful data handling is important for our client base
Our client base is extremely diverse – and careful data handling is required for a large proportion of our users for both commercial and legal compliance reasons.
Some examples of the type of our clients, and their top data handling priorities, are:
- Research laboratories – ensuring that confidential trade secrets (such as research outcomes, experimental results) stay confidential.
- Medical practices – keeping patient records safe and compliant with HIPAA and GDPR regulations.
- Banks – keeping client information private, including financial records and personally identifiable information.
- Government departments – such as police, courthouses, libraries and social services: storing citizens’ data within country borders to satisfy data sovereignty laws.
We understand that careful data handling is not an imperative for everyone. But if it is important to you, then you’re in safe hands with BackupAssist.
Life’s easier when you know where your data is
As a system administrator, your life is busy enough. The last thing you need is unexpected surprises.
Even worse is an unexpected surprise that could mean you’re breaching data sovereignty laws and recovery SLAs.
We’ve heard first hand from administrators and MSPs that at least one major “all in one” backup solution provider (where the backup software and cloud storage are offered as one package) has covertly moved data around in the background without informing their clients.
This particular administrator had to comply with data sovereignty requirements, and his chosen solution appeared to satisfy them, hosting cloud backups on servers in America, for American clients. However, months later when doing a restore, the administrator noticed that when downloading his data, the download became unexpectedly slow. After inspecting the network traffic, he saw that he was actually downloading his backup data from somewhere in Eastern Europe. Unknown to him, the backup provider had moved data offshore – presumably to lower costs.
The lesson was clear. As an administrator, you don’t really have time to monitor the data handling policies of your backup provider.
And thankfully with BackupAssist, you don’t have to. You get to choose exactly where your data is, because you’re always in control of where you put it.
Restoring data is not just about today, but with the future in mind
There are numerous situations where restoring data from a backup is not just about recovering some recently deleted data.
It could be about restoring data from backups of decommissioned systems, that might be a decade or two old.
Take for example, a construction company that offers an 18-year guarantee on their buildings. In the event of a legal dispute, the ability to restore key information like emails and files could make the difference between winning or losing a court case.
In this case, any kind of vendor lock-in is your enemy. Are you dependent on your backup provider still being in business, 18 years later?
At BackupAssist, we hate the lock-in. We believe in free and open access.
Wherever possible, we provide options where you can access and restore your data well into the future. By storing data in non-proprietary or ubiquitous file formats, your data can be easily accessed.
As two examples:
- BackupAssist Classic and BackupAssist ER – drive image backups are stored as VHDX files, which can be opened by our recovery tools, by Microsoft’s operating systems, or 3rd party recovery tools.
- BackupAssist 365 – mailbox backups are stored in PST files, enabling you to restore using our restore tools, Microsoft’s restore tools, 3rd party recovery tools, or by opening the backup files in Microsoft Outlook.
Anonymity – a useful addition for security
Anonymity is often underrated and misunderstood. Many people think that if they conduct their affairs legally, they should have nothing to hide.
However, there are cases where anonymity can have security benefits.
While we’ve already explained that you can keep your backup data private with BackupAssist, protecting the identity of the owner of the backup data, or even the fact that an organization performs backups with BackupAssist, can help prevent security breaches.
You can, with our products, maintain a level of anonymity by fully self-hosting even the monitoring of the status of your backups, such that we don’t know what your backups contain or whether they were successful.
(If this doesn’t fully make sense now, it will when we go through the features of our individual products.)
We don’t want to be a source of a data leak
Under the legal system in America, Australia and many other countries, companies can be compelled to hand over data by way of a legal subpoena.
This means that a 3rd party can be compelled to hand over data to unknown people, and cause a data leak for multiple clients.
For example, if a hard drive contains data belonging to 3 clients (called ‘A’, ‘B’ and ‘C’), and ‘C’ becomes involved in a legal dispute, a court can subpoena that hard drive. This automatically compromises the privacy of clients ‘A’ and ‘B’, who may never even find out about the leak.
While subpoenas can be fought in court, doing so takes time and money, meaning generally only large organizations would do so. The majority of organizations would simply comply.
At BackupAssist, we never want to be the source of a data leak. And because we do not host your backup data, even if we were subpoenaed, we would have nothing to hand over.
Maintaining the trust through clear communication and policies
Now that you know more about our philosophy of “your data is your data”, we trust that it makes sense.
You can be assured that we will not deviate from our approach. It’s not only our guiding light, but it’s the promise we’ve made to hundreds of thousands of organizations across 165 countries.
In subsequent articles, we’ll explain, in detail, how our software products provide careful data handling:
Also refer to our GDPR statement and privacy policy for further information.
Do you have questions about this article? Contact our Client Success team and start a conversation.