How to Store Your Customer Records Legally

Often, businesses are required – by law or convenience – to retain customer records for years after use. Records of transactions, customer details and other details are vital to retain, but as all are under the data protection act, storing them in a way which is legal and secure can be difficult. Companies which offer document storage allow businesses to store these sensitive documents off-site in archive storage facilities, providing a secure location and taking care of the legal requirements. The off-site storage location allows businesses to save space and money spent otherwise on security needed to meet these requirements. If required again in the future, it is simple to have the documents returned.


Document storage facilities allow businesses to retain control over their stored items: usually, there is a wait of a half day or a day, dependent on the urgency, and emergency retrieval is generally offered also. Many archive storage services offer a pay-as-you-go service, which allows businesses to rent space only as it is required.

With the rise of internet security, there is now the option of storing hard copies of documents in archive storage and having them scanned into electronic copies. This means that they can be accessed from throughout the world at any time in a simple, secure manner. Lists of documents stored, with a label detailing their descriptions can also be accessed online, making retrieval simple and quick.

Legal Matters

Customer records contain information which is highly privileged and sensitive: things like details of transactions, customer information such as names, addresses and bank details are commonly retained for years after use, whether or not the customer is still a client. Not only is this a legal requirement, but it allows businesses to provide a better customer service and even advertise better: offering services or goods based on previous purchases.

This information is vital for the running of a successful business, and generally people do not mind providing it, as it improves their initial and future experiences with the company. However, they – understandably – would not want it falling into the wrong hands. The data protection act provides a list of rules which must be adhered to when storing customer information. For instance, it must be relevant information and not kept for longer than necessary. The rights of the individual state that they must have access to any information held about them.

If someone gets a hold of client information, it can have serious consequences such as credit card or mortgage fraud or exposure of details such as addresses. Less serious consequences may cause embarrassment to clients.

Security Matters

In keeping with the legal side of client information, all details must be stored safely. Most document storage facilities are highly secure. Their security systems will include alarm and intruder detection as well as well trained staff which are vetted before hiring. CCTV monitoring is a vital part of the security of such archive storage facilities and physical keys should be required for access.

Of course, it is not simply intruders which can present a security risk to documents. Fire and floods are as much a hazard, and fire detection and suppression systems will be in place. For older documents or very sensitive items, temperature and humidity controlled vaults may be available.

The data protection act requires businesses to take ‘appropriate’ measures to ensure no ‘unauthorized or unlawful processing of personal data’ occurs. This means that all businesses should have a secure way of storing client information and that they should be able to respond quickly and efficiently if a breach in this security occurs. It does not require businesses to have state-of-the-art security systems, but any information should be kept in a suitable state of security. This is often easiest to achieve by allowing document storage companies to archive information.

Only those who are authorised should have access to customer information.

Written by:

Nathan Morgan has been a IT professional for 14 years. His work is currently focused on Linux servers. He has encryption experience including the deployment of True Crypt and similar packages, and detailed knowledge of document scanning solutions to transform off-line archives into accessible digital data.