156 5.1 Disaster Recovery Legal Issues
By definition, the disaster recovery phase is likely to involve, to a signifi-
cant degree, external emergency services. The priority during this phase is
the safety and well-being of human life, the handling of the emergency
itself, the removal of the threat of further injury or damage, and the reestab-
lishment of external services such as power, communications, water, and so
on. A major task during this phase is also the completion of damage assess-
ment forms. In addition to the emergency services, the disaster recovery
phase may involve different personnel, depending upon the type of emer-
gency, and a disaster recovery team (DRT) should be nominated according
to the requirements of each specific crisis.
5.1 Disaster Recovery Legal Issues
Standards of care and due diligence are required of all businesses. Not hav-
ing an appropriate disaster recovery plan (DRP), which includes a reliable
backup/restore system, violates that fiduciary standard of care. Although
no specific law states that a business must have a DRP, there is a body of
legal precedent that has been used to hold companies and even individuals
responsible for the recovery of data after a disaster [1]. Legal precedent as
a result of the case of FJS Electronics v. Fidelity Bank has set the standard of
due care and diligence that corporations must now uphold. In that case,
Fidelity Bank had a data disaster that ended up costing FJS Electronics.
FJS took Fidelity to court and won. In another case, Parr v. Security Nat.
Bank [2], the decision rendered cited the actions of Fidelity in the FJS v.
Fidelity case:
Fidelity made a choice when it elected to employ a technique which
searched for stopped checks by amount alone. It evidently found bene-
fits to this technique which outweighed the risk that an item might be
inaccurately described in a stop order. This is precisely the type of
inevitable loss which was contemplated by the code drafters and
addressed by the comment above. The focus of § 4-403 is the service
which may be expected by the customer, and a customer may expect a
check to be stopped after the bank is given reasonable notice. A bank’s
decision to reduce operating costs by using a system which increases the
risk that checks as to which there is an outstanding stop payment
order will be paid invites liability when such items are paid.