Mitol PerfectBackup | Fawcett House | Shirbutt Lane | Hessay | York | YO26 8JT | TEL: 01904 737528 | Providers of Online Backup - Hosted Exchange - Cloud Computing Solutions


It Won’t be Long Now!!!


Safe Harbour – Deadline issued for new agreement

A new data transfer agreement must be negotiated between the EU and the US by 31st January 2016, or action may be taken against businesses who continue to transfer their customers’ personal data through the US.

What does this mean for my business?

If your business stores personal data which falls under the Data Protection Act, then you need to prepare to move away from services that are based or owned in the US. You must be able to implement this move before 31st January 2016, in case the US and EU do not negotiate a new data transfer agreement.

Why has this happened?

The ultimatum comes after the EU’s ruling last week that the data transfer agreement titled ‘Safe Harbour’, which protected personal data sent through the US, was invalid. This was due to Edward Snowden’s disclosures in 2013, which revealed US global surveillance programs.

The statement was released last Friday by the Article 29 Working Party (the EU’s data protection advisory body). It stated that, ‘If by the end of January 2016, no appropriate solution is found with the US authorities…EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions.’

Regarding businesses within the EU, the party noted that they ‘…should reflect on the eventual risks they take when transferring data and should consider putting in place any legal and technical solutions in a timely manner to mitigate those risks and respect the EU data protection…’

Can I just move the services based in the US to the EU?

Currently, there is very little that businesses can do to ‘mitigate the risks’ of transferring data; the US government has jurisdiction over all US companies and their subsidiaries, regardless of their location in the world. Regrettably, this means that moving data to EU-based subsidiaries will be fairly ineffective.

What if I’m asked to sign a Model Clause?

Some corporations are now depending on the EU Model Clauses: standardised clauses that allow for legitimate cross-border data transfers. Although the Article 29 Working Party has said that these can still be used, there is a debate as to whether these will be the next to go.

Safe Harbour – Should I be Using Overseas Cloud Solutions?

Have your data protection responsibilities just changed?
The agreement that allowed businesses to send personal data between countries in the EU and the US has been declared void by the European Court of Justice, on the grounds that it does not protect against US surveillance.

Yesterday’s abandonment of the Safe Harbour agreement (spelled Harbor in the official pact) will directly impact the way your business is allowed to handle personal information on your clients and your colleagues.

What does this mean for your business?
If you use Cloud-based services or US-owned infrastructures like Office365 and Google Docs, any personal data from your customers or employees will have to pass through a US server. As a result, the US will have a record of this information and has the ability to access it without your knowledge or consent.

Even if the programs and services your business uses are based within the EU, the data may be backed up on a US Cloud. This means that software based in an EU area won’t necessarily comply with data protection laws.

Safe Harbor Press Release

What was the Safe Harbour agreement?
Safe Harbour was an agreement which protected any personal data of EU citizens that passed through the US. As a result of Edward Snowden’s actions, the European Court of Justice has ruled that Safe Harbour cannot be upheld in a court of law as it cannot claim to keep data that enters the US private.

Personal data transfers between businesses within the EU and the US have not been suspended, but the EU now has the authority to investigate these transfers if it suspects that personal data is not adequately protected.

What happens next?
Some companies are amending their terms and conditions, but this does not negate the EU’s ruling. Currently businesses do not need to take any immediate action, but should wait for guidance from the EU, UK and suppliers.

All US-based services are still running for EU businesses, as are those within the EU that directly or indirectly use US servers. Mitol Ltd will keep you updated on any further developments.

Microsoft must surrender overseas data, US judge rules

In an extremely worrying step for anyone who already believes the US Government has too much power, it would now appear that even if your data resides in a Microsoft location outside the US they can still gain access. My personal view is that sovereignty of data is a key decision for anyone who is seeking to move to a cloud provider. If this is not overturned it could have far-reaching consequences.


£500,000 for Firms that Suffer Serious Data Loss

A recent article in CRN Magazine states the proposed introduction of fines of up to £500,000 for firms that suffer serious data loss.

From next year, the privacy watchdog, the Information Commissioner’s Office (ICO), will be able to fine companies that recklessly or maliciously breach the Data Protection Act (DPA). The Ministry of Justice yesterday launched a public consultation on the maximum amount such fines can run to – a figure it proposes should be set at £500,000.

In its consultation document the MoJ said it chose £500,000 because it did not want the penalty to be more than “10 per cent of the highest annual turnover of a small company”.

As well as being imposed for malicious or reckless breaches of the DPA, the fine could also be used by the ICO against companies who have:

  • Stored or processed personal data in a country outside of Europe that does not have adequate data protection legislation
  • Kept data for longer than is necessary for the organisation
  • Obtained personal data unlawfully
  • Accidentally deleted data

Whilst PerfectBackup cannot help with points 1 to 3, we are able to restore your backed up data which may have been deleted many years ago.

Under the ICO’s current powers, the strongest sanction the watchdog has against organisations that lose data is to serve them with an enforcement notice requiring them to improve data security or face legal action.

Deputy information commissioner, David Smith, welcomed the ICO’s new powers and said they would help stop more breaches from occurring.

“We are keen to encourage organisations to achieve better data protection compliance and we expect that the prospect of a significant fine for reckless or deliberate data breaches will focus minds at board level,” he said in a statement.

The announcement coincides with the latest ICO figures showing that 711 businesses, government bodies and charities have suffered data security breaches over the past two years.

Mitol PerfectBackup are committed to offering tailored online backup solutions for businesses worldwide. If you feel you are not complying with the above, then please contact a member of our support team for guidance.

Can European Firms Legally Use U.S. Clouds To Store Data?

Recent Article copied from

A top concern of moving to the cloud, particularly in Europe, is the patchwork of laws that leave many unsure of how to proceed. In Europe, a very stringent legal framework is in place with criminal sanction for companies and individuals that break EU data protection laws. Access to and sharing of EU citizens’ personal data is tightly controlled, including requirements for notification of data releases. In the U.S., while data laws are significantly more flexible, frameworks do exist, meaning European companies operating there also need to comply with U.S. laws.

In particular, laws such as the U.S. Patriot Act have further complicated the situation. Both Amazon Web Services and Microsoft have recently acknowledged that they would comply with U.S. government requests to release data stored in their European clouds, even though those clouds are located outside of direct U.S. jurisdiction and would conflict with European laws. Does this mean, however, that European companies and individuals using U.S.-company-operated clouds are breaking EU law?

Key Factors: Location and Control

There are two important factors affecting the treatment of data. Firstly, knowing where it is physically located, as this determines the legal jurisdiction presiding over that data. For example, data stored in Germany is subject to German and EU law, whereas data stored in the U.S. is only subject to U.S. law. It’s also important to consider where customer records are kept, as sometimes they may be replicated beyond the raw data storage. For example, a company operating a public cloud may hold uploaded data in one place (the main published cloud location), but keep copies at its corporate HQ, which may be in another country.

Secondly, knowing who controls the data is key as some country laws place obligations on companies beyond that country’s borders. For example, since a U.S. company operating in Europe is still subject to the U.S. Patriot Act, the European customers using those services are exposing themselves to U.S. jurisdiction. It’s important to note that subsidiaries of U.S. companies are also subject to the same U.S. data access abroad.

Implications of the U.S. Patriot Act in Europe

European law strictly mandates the treatment of EU private citizens’ data with strong sanctions against breaches. Additionally, there are clear and specific notification requirements if data is shared with third parties. In contrast, the U.S. Patriot Act requires U.S. companies (and their foreign subsidiaries) to comply with U.S. government data requests regardless of location, provided that data is under the control of a U.S. company. Furthermore, by the same U.S. law, such data sharing is not allowed to be revealed to a third party, directly conflicting with European disclosure requirements.

Based on these facts, a U.S. company (or local subsidiary) controlling data in Europe must comply with EU data protection and notification laws, but is also subject to the onerous U.S. Patriot Act requirements, which are incompatible. In such a situation, it’s reasonable to assume that a company would comply with its ‘home’ jurisdiction, particularly if data disclosures are required to be private. U.S. companies controlling EU citizens’ data in Europe are therefore in an impossible situation if they have to release data under the U.S. Patriot Act. The Safe Harbor Framework, designed to avoid this, has proved ineffective, as recently admitted by major U.S. companies operating in Europe.

So, the question remains – for companies holding EU citizens’ data in Europe, does placing such data under the control of a U.S.-based entity expose them to legal consequences? The simple answer is yes. If a German company were to place their customers’ data under the control of a U.S. entity or subsidiary, they could be held liable for any subsequent data release.


article copied from

The top 4 most preventable types of data loss


Every IT person recognizes the panic that breaks out when, for whatever reason, data loss occurs within the company. The pressure on the IT department to protect the company’s information and work brings an unprecedented level of responsibility, under which mistakes are sometimes made. But now data can be located and restored.

Every company will at some stage face data loss. In drastic situations the fallout can cause lasting damage, but data loss also happens in ways that can be avoided. Here are some of those situations to avoid.

- No clear description and implementation of existing IT, retention and backup procedures. For example, a test server is transferred to the production environment, but no one has told the IT department that there is now valuable data on it which needs to be backed up.

- No up-to-date operating system and antivirus software. The days are already packed and there is too little manpower to patch. But skipping patches can lead to security holes and extensive data loss.

- No effective backup. Recent research by Knoll found that, among customers, only 60 percent had a backup in place at the time of data loss, but that backup failed to operate when it was needed.

- The IT security is not tested. Even the smallest error in IT security can have serious consequences, including loss of data and huge losses. If you do not check in advance, the lost data will be your own fault.

With backup you are never alone

You’ve done it nicely. The backup is well organized, so if something happens you can work around the roadblock by rapidly restoring your system. Practically all the applications you use run entirely in the cloud. So there is little reason for improvement, right?

Well, in all honesty, it all depends on who you ask. The IT market is flooded with professionals who all offer their services for bargain prices, whether for online storage, disaster recovery or cloud systems. But the service never seems to be an all-in-one approach. It seems completely logical for this to be the case; however, a large proportion of companies just look at the service itself rather than how it fits into the overall picture of IT services.

To prevent downtime, it is recommended to purchase your services from a supplier where all aspects of cloud data services are provided. A company like Mitol PerfectBackup fits nicely in this picture because they do just that. They provide all the services you need, which automatically gives a higher guarantee of business continuity. If there is a problem with your data and something happens, then you are just a phone call away from a solution.