How safe is your data? not just the data your dealer needs to store (and for which, you hope, it already has a good storage mechanism), but also the data you use for your own sales and marketing purposes.
Financial advisors are faced with tough challenges when it comes to backing up data. You are constrained by your industry’s particular regulatory conditions, and you also are operating in a highly competitive market in which any loss of information could be operationally damaging. But backing up the data that support your practice needn’t be a headache.
According to Ed Skwarek, vice president of regulatory and public affairs at Advocis, there are, broadly speaking, two types of data to consider: the type that directly supports trades, and therefore falls under the purview of the regulator; and the type that doesn’t.
“The mutual fund dealers themselves are told [by the Mutual Fund Dealers Association of Canada] what has to be accomplished,” Skwarek says. “They will tell the approved person what they want, and how they want it held.”
The dealers, in turn, will draw much of their guidance from the regulator. But the section of the MFDA rules dealing with the data storage says little, other than that a member firm should have internal controls to guard against the risk of falsification and that the firm has “suitable backup and disaster recovery programs.”
The Investment Industry Regulatory Organization of Canada takes a similarly hands-off approach to the issue of data backup. IIROC sets rules and provides guidance to firms and registrants on proper record-keeping but is not specific when it comes to backing up data, according to Connie Craddock, IIROC’s vice president of public affairs. She suggests financial advisors rely on the “firms themselves rather than the regulator.”
As an example, Toronto-based Dundee-Wealth Inc. asks its advisors to send anything that has to do with signed documents or historical information pertaining to trades back to the firm, says Farhan Hamidani, the firm’s senior vice president of retail development. This information can be sent in paper-based form, by fax or digitally through the company’s Dataphile back-office system.
“We do need copies of the paper-based documents, but the advisor will often have more information about the client than we will,” Hamidani says. “They will have data in customer relationship management files.”
This is where the advisor must satisfy his or her own backup requirements. The main rule to be aware of here is the Personal Information Protection and Electronic Documents Act. PIPEDA contains 10 principles, including openness, the right of individuals to access information stored about them, adequate security in storage, and consent by the individual. Backing up data in line with those principles just requires common sense. For example, backing up unencrypted information to a disk that you then leave lying around the office (or lose in a bar) will be a problem.@page_break@Most responsible backup products and services will cover these bases for you. Backing up to a local hard drive connected to your computer or network is a possibility, although encrypting the data at source is a good idea. Many options (such as Windows Bitlocker from Redmond, Wash.-based Microsoft Corp. ) are available to encrypt the source hard drive before the data is backed up to a secondary unit.
Local backups such as these, however, are susceptible to physical disaster at the office. If a fire or flood wreaks havoc, will your data survive? An alternative is cloud-based backup, in which your data are automatically copied to an encrypted online site. There are several options here, including Mozy, the service offered by EMC Corp. of Toronto.
Another cloud-based alternative is SpiderOak, from Northbrook, Ill.-based SpiderOak Inc. , which provides two gigabytes of free storage and, like Mozy, encrypts all the data being stored. SpiderOak stores the changes to your data whenever you alter a file. It also stores the entire history of a file, including all the changes made to it, and will retain a file even after it has been deleted.
One of the nice things about SpiderOak is its ability to store data in a central repository handled by multiple devices, including your iPad. This feature makes it possible for you to synchronize data among all the devices you use, so data from your office PC can be made available on your iPad or on the laptop computer you keep at home without you having to worry about transfers.
Whether you choose a local or a cloud-based backup solution, it won’t cover email archiving. Although, as Skwarek points out, any regulated information sent by email would have to go through a dealer’s compliance department first, it is still good practice for you to keep records of your own emails.
Your dealer may already have its own email-archiving system in place. If not, at the very least, you could store backups of an Outlook PST file using your backup system of choice. However, the nature of Outlook file formats makes it difficult to duplicate them, so backing them up incrementally every time something is changed could quickly max out backup storage space.
One option is to make backups of PST files less frequent. Another is to use an online, cloud-based archiving service in which emails are passed through a third-party service provider, which encrypts and stores those emails for future retrieval. Organizations such as MessageSolution Inc. and LiveOffice LLC, both of California, provide such services.
Whatever backup method you choose, the most important thing is to take action now — before disaster strikes. IE
Many options for backing up data
It’s up to your firm to make sure your trade-related information is secured according to regulatory requirements. But what about other important data? If you don’t have a backup system, the time to start arranging for one is now
- By: Danny Bradbury
- April 29, 2011 November 6, 2019
- 12:56