The volume of data generated by businesses – from databases to documents and email –continues to rise on a daily basis. Managing this data is a challenge that is compounded by increased concerns about compliance and litigation. In addition, regulations such as Sarbanes-Oxley that require organizations to retain business records, as well as the need to retain data for legal discovery purposes, are forcing organizations to find more efficient ways to store data than ever before.

Storing large amounts of data not only requires a significant investment in hardware, it can also place a burden on IT resources. To effectively keep up with the growing volume of data, many companies are considering outsourcing to third party storage experts. However, despite the clear benefits of outsourcing, sharing confidential information with a third party continues to cause concern among companies. In fact, according to a recent study by Osterman Research, more than 86 percent of businesses surveyed feel that data security is a significant concern when considering outsourced service providers.

This is not surprising, especially in light of recent high-profile data security breaches. Losses of customer or employee data by Ameritrade, Bank of America, and Time Warner have alerted businesses to the risks of outsourcing data storage. In the case of the Time Warner breach, the tapes in question were lost or stolen while being shipped to an offsite storage center. They included valuable data including Social Security numbers and sensitive information on 600,000 past and present Time Warner employees.

These losses have been partially responsible for a series of legislative recommendations to protect customer data. California was the first state to introduce mandatory disclosure requirements in the event of a security breach. The California Senate Bill 1386 states that any person or company doing business in the state of California must inform individuals when there has been a security breach of confidential customer information.

At first glance, this bill may seem to apply only to those companies and agencies based within California. In reality, it applies to anyone who might have a customer or conduct business with an entity within California. As the public grows more concerned about the safety of its personal information, SB 1386 is likely to form a template for future privacy laws in other states. California Senator Diane Feinstein is also expected to introduce a Federal bill, the Database Security Breach Notification Act, which would make reporting security breaches a requirement for businesses nationwide.