Electronic data has been growing in size and proportion for several decades. The sheer amount of electronic files (e.g., emails, pictures, videos) has consumed local and remote databases. The cloud storage facilities have been put together to hold this information for us. Cloud storage facilities have certain obligations towards their customers which include secure storage of electronic files by using industry-approved protocols. The rules for proper storage should not change based on the particular industry. In fact, the cloud storage facilities are supposed to use similar protection measures for all electronic files – e.g., encryption – to ensure safety.
Encryption is a tool or resource that allows the files to be scrambled and hidden from plain sight. The encrypted data is called “ciphertext” which can only be decrypted with the right key. There are two types of encryption. First, is symmetric encryption. Second, is asymmetric encryption. Symmetric encryption uses one key for encryption and decryption. Asymmetric encryption uses two different keys for encryption and decryption – i.e., the private and public key. The public key can be shared with the general public but the private key remains a secret and is only accessible by the right individual. There are various encryption technologies such as AES, Triple DES, RSA, and Blowfish.
Electronic data retention includes collecting, storing, and managing information. Private and public organizations should have the right rules and regulations that help define how electronic information should be located, identified, and stored. There are government regulations, international standards, industry regulations and internal policies. Government regulations are set by state or federal governmental agencies such as the Federal Trade Commission and Internal Revenue Service. International standards are set by the International Organization for Standardization like ISO/IEC 27040, IS 9001, ISO 17068:2017. Industry regulations include the GDPR, PCI-DSS, and CCPA. Finally, internal policies include data version controls and employee record retention.