One of the more interesting arguments currently rumbling around the
office is the lack of backup for the HR person's laptop.
This contains a copy of the contract and other HR type info on every member
of staff we've got working here. It's certainly confidential
information, some of it contains NI and healthcare details, as well as
bank account information and other personal records.
After a developer's laptop was stolen last month, I've had cause to look in more detail at the backup (or lack of) for the various services around the office.
Management think that Dropbox would be a good solution, as they claim to be secure, but I'm decidedly unsure where the law (and Data Protection Act) actually lie on this.
I was under the impression that you're not allowed to let the documents in question leave the site/country/EU. So Dropbox would be no good, as they're based in the USA, and probably Amazon S3 backed.
Quick info:
- We're UK based, with operations in the EU (DK)
- Management would like online access, granular as possible, one user creator, only they can access that document/folder, one globally shared folder, as well as group-based access lists.
- I would like anything that's properly secure, tested, Hard Cryptography (AES)
- Dial-in IPsec VPN access would be nice, HTTPS would probably do too.
- A solution that's not going to cause us to get sued by the Information Commissioner if things go balls up.
Anyone got any ideas? Done this before? Should I just build a server and store it somewhere in the office, or a dedicated server in a UK datacentre?