There is often confusion around the terms of a "backup" and an "archive", which can cause problems for businesses who need to be recording and storing the right type of data records for compliance and legal defense measures.
With MiFID II currently in force, it is vital for firms and organisations to understand the correct terminology between a backup and an archive and the difference between the two.
What is a Backup?
A backup is a copy of data that can be used for a business' operational recovery. Therefore, if there has been a case of deletion (accidental or otherwise), overwriting or corruption of your data, you will be able to recover it and resume operations as normal with minimal disruption. If you do use a backup to restore data, you will only be able to restore to a previous point in time (the point where you last backed up your data).
What is an Archive?
On the other hand, an archive is a collection of historical records with the purpose of providing long-term preservation and retention of data for regulatory compliance - not for rapid recovery after a data loss incident. Archives are a stored version of those records that cannot be changed and are incorruptible.
Why Archiving is Essential for MiFID II
The Code of Practice on Evidential Weight and Legal Admissibility of Electronic Information (BS 10008:2014) is concerned with the authenticity, integrity and availability of electronically stored information.
In particular, an organisation must be able to demonstrate certain proof (whether to a court of law or regulatory body) that the contents of a data file or document have not changed since the time of storage and is a true representation of the original form. Proving authenticity of electronically stored data is crucial to admissibility.
If a business is backing up their electronic communications primarily for the purpose of disaster recovery, then it's unlikely this data will be legally admissible in court in dispute resolution. As a backup is only a copy of data at a particular point in time and designed for rapid operational recovery, it may be stored in a format that can be manipulated after capture and is therefore refutable. In addition to this, according to Article 16 of MiFID II, a backup would not be able to demonstrate the proper level of compliance in being "accurate, quality and complete" data.
This is why an archive is essential for MiFID II where Article 16 is concerned with recording electronic communications in a compliant way. If your archives:
- Use WORM (write once, read many) technology
- Are ISO accredited in how they are managed and stored
- Have timestamp functionality
You can ensure that your data cannot be directly modified once it has been stored and has the added advantage of providing certain proof for admissibility purposes and can demonstrate compliance for MiFID II and regulatory bodies such as the FCA and SEC.
Time to Look for the Right Archiving Solution
Though the MiFID II deadline has passed, due to the scale of what is required, the FCA has stated that they will act more
So if at this stage, your firm has only been making use of backups for your electronic communications, then it is vital to start looking at implementing a suitable archiving solution that can help with your compliance with MiFID II as soon as possible.
For more information on archiving your electronic communications for MiFID II, Article 16, download our free guide to see how MirrorWeb can help with your compliance.