General Data Protection Regulation (GDPR)
As part of GDPR compliance, YB Backup will provide the following features:
​
Data Protection
-
All necessary technical measures to ensure personal data is protected
-
All data transferred to YB Backup is encrypted during transit and at rest, and is not processed by YB Backup for any purpose other than as agreed upon in our terms and conditions
-
Protect data from loss
Data Selection, Retrieval and Removal:
-
Allow exclusion of files from backup
-
Allow users to remove their files from backups
-
Allowing for robust data recovery with availability of data versioning
-
Provide tools to recover data
-
Timely data-breach notifications to customers
​
Right To Erasure
This is the right to have all personal data removed from our systems upon request. To exercise this right; please contact our support team to begin the process of verification and data removal.
​
Customer's responsibilities under GDPR:
YB Backup strives to be a valuable resource and provide support to our valued partners and clients to help them achieve their own compliance with the GDPR. Compliance is your responsibility. Your obligations as the business customer and the data controller, have specific legal obligations under the GDPR. You should be confident that any providers (data processors) which you work with, have a highly robust approach to data protection, understand the obligations of the GDPR and are well prepared to meet them.
​
YB Backup provides features you can use to meet your obligations under GDPR, but no provider can ensure GDPR compliance for you, nor can we dictate how or if you choose to be compliant.
​
Health Insurance Portability and Accountability Act Compliance
​
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the result of efforts by the federal government to ensure healthcare data practices allow patients to easily move jobs, insurance, and/or healthcare providers.
The goals and objectives of this legislation are to streamline industry inefficiencies, reduce paperwork, make it easier to detect and prosecute fraud and abuse, while enabling workers of all professions to change jobs easily even if they (or family members) had pre-existing medical conditions.
HIPAA requires the ability to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure integrity, confidentiality, and availability of information. Healthcare organizations are required to individually assess their security and privacy requirements and take suitable measures to implement electronic data protection (both in transit and in storage).
As proposed, a HIPAA-compliant information system must include a combination of administrative procedures, physical safeguards, and technical measures to protect patient information while it is stored and transmitted across communications networks. YB Backup provides critical data security protection without compromising patient privacy and can help customers achieve HIPAA compliance.
​
YB Backup assists healthcare providers to be HIPAA compliant in the following manner:
​
-
Unauthorized access to individually identifiable health records is strictly forbidden; data is encrypted and transmitted securely to a vault that resides at a world-class data center that provides SOC approved data protection service.
-
Access to the vaults and the data center is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized use or disclosure of customer data.
-
Data remains on the YB Backup servers for as long as you wish to retain it.
​
Sarbanes-Oxley (SOX) Act Compliance
The Sarbanes-Oxley (SOX) Act of 2002 legislates how long and the manner in which companies store their financial records. Created largely in response to the Enron and WorldCom scandals, the SOX act is designed to safeguard against accounting errors and other illegal financial activities. In placing a more rigorous requirement on financial reports the storing of the records becomes vitally important because the trail of transactions must be secure.
​
The act specifically states that electronic records must be saved for at least five years to ensure that the auditors and other regulators can easily obtain requested documents.
​
The regulated companies in choosing a storage method will therefore look to a format that will insure it can satisfy the legal requirements of the SOX, i.e. the increased use of online remote data storage facilities / programs.
​
As an online data storage facility, YB Backup is not privy to the contents of the information stored for a client. The customer must maintain responsibility for ensuring that it is in compliance as to what information is being kept and who in the organization (including independent auditors) has access. YB Backup is only responsible for the availability and security of the information being stored and has put safe guards in place to ensure appropriate quality control standards.
​
YB Backup assists with SOX compliance in the following manner:
-
The data files backed up are encrypted on transfer and stored using AES 256-bit encryption and automatically decrypted during restores. The encryption is based on the private encryption key so that the data stored on IDrive servers cannot be decrypted by anybody other than you or a designate
-
Your files are logged with a date and time stamp each time they are accessed
-
All backups are immediately available from the web
-
Data remains on the YB Backup servers for as long as you want to retain it
​
​
Gramm-Leach-Bliley Compliance
Customers of financial institutions who maintain a relationship or obtain products or services such as those listed here are protected under GLBA.
​
GLBA affects a wide range of financial institutions such as banks, thrifts, credit unions and insurance firms as well as any firm engaged in activities including:
-
Mortgage Lending
-
Credit Card Activities
-
Securities Brokerage Activities (Including Dealers and Advisors)
-
Insurance Sales (Underwriters and Agents)
-
Tax Planning and Preparation Services
-
Investment Advice
​
A wide range of non-public personal information and personally identifiable financial information is subject to the privacy controls of GLBA.
YB Backup answers security concerns in the following manner:
-
The data is encrypted before transmission, always maintained in encrypted state and immediately available if required
-
Data access is restricted by password authentication and is date and time-stamped by user
-
Client access is only through authorized personnel with the encryption password, which is known only to the user
-
Detailed reporting gives regulators a clear idea of the chain of custody of the stored information, and rapid access, should it be required
​
Data will remain housed in the YB Backup customer storage areas for as long as the client retains it. YB Backup does not have access to the contents of the data files stored, so it is up to the client to maintain the data in a manner that is compliant with GLBA.
​
Securities and Exchange Commission (SEC) / Financial Industry Regulatory Authority (FINRA)
The Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have instituted regulations that demand compliance surrounding the storage of financial records and electronic communications.
YB Backup assists IT departments with SEC / FINRA regulations in the following manner:
-
The data is automatically verified each time a backup takes place
-
The data is available for online restores 24 x 7. All backups are stored with the catalogs (indexes) and accessible to authorized users at all times
-
The data resides on RAID-protected industry leading NAS / SAN storage devices with multiple levels of redundancy. In addition, a regular data backup guarantees its availability when required.
​