Comment by zwnow
9 days ago
Funnily enough, Germany has laws for where you are allowed to store backups exactly due to these kinda issues. Fire, flood, earthquake, tornadoes, whatever you name, backups need to be stored with appropriate security in mind.
Germany, of course. Like my company needs government permission to store backups.
More like: your company (or government agency) is critical infrastructure or of a certain size, so there are obligations on how you maintain your records. It’s not like the US or other countries don’t have similar requirements.
[flagged]
31 replies →
(Without knowing the precise nature of these laws) I would expect that they don't forbid you to store backups elsewhere. It's just that they mandate that certain types of data be backed up in sufficiently secure and independent locations. If you want to have an additional backup (or backups of data not covered by the law) in a more convenient location, you still can.
> sufficiently secure and independent locations
This kind of provision requires enforcement and verification. Thus, a tech spec for the backup procedure. Knowing Germany good enough, I'd say that these tech spec would be detrimental for the actual safety of the backup.
4 replies →
Certain data records need to be legally retained for certain amounts of time; Other sensitive data (e.g. PII) have security requirements.
Why wouldn't government mandate storage requirements given the above?
No it doesn’t. It does however need to follow the appropiate standards commensurate with your size and criticality. Feel free to exceed them.