The widening remit for data security is being addressed by various legislations such as Basel II, HIPAA, Sarbanes-Oxley and PHIPA. The fact that many companies are simply flouting these rules with the view that the fines they could face are less that the cost of implementing the solutions, means that only when the fines are increased and the number of prosecutions grows that legislation will have a real impact.

In Japan, where the number of disappearing data tapes is unusually high, the government has brought in legislation that requires a person in each company to be responsible for data security, and he or she will be fined and serve a prison sentence if they fail to comply with legislation. This apparent draconian measure may well be needed in other counties in order to bring companies in line. In Europe, a CEO is already liable for failing to implement an acceptable information security policy and he or she would be liable for a substantial fine or a custodial sentence in extreme cases.


In the past encrypting data has tended to use software running on the host systems, resulting in slow and inefficient data transfer which has led to reluctance to use encryption for security. Today dedicated hardware devices are available to offload the process to inline units designed for the task. Through the use of dedicated compression and encryption engines, encryption hardware is capable of running at the full speed of modern tape drives, with little or no latency and degradation.

It is interesting to note that some companies have used their investment in security devices as a sales tool to show they are taking the best care of their customers’ data, rather than just hoping it doesn’t get lost and compromised. As insurance companies who cover business losses see the advantage of securing data, including backup tapes, we can expect insurance premiums to reflect this.