How Much Storage You Need for Backups Depends on What You Must Keep—and for How Long!

When it comes to business backups, most companies focus on making sure the data exists. But just as important is understanding how long different kinds of records need to be kept. Retention requirements vary widely depending on the type of record and which regulatory bodies your business must comply with—like NYDFS, HIPAA, NIST, GLBA, NY SHIELD, IRS, and others.
At CDML Computer Services, we regularly help small and mid-sized businesses develop smart, compliant backup strategies. That starts with knowing your data retention obligations—because this will directly impact how much storage you need, what kind of backup solution is best for you, and how to organize your data over time.
📋 What Needs to Be Backed Up—and for How Long?
Here’s a breakdown of common data types and the longest retention requirements across major regulations:

| Record Type | Max Retention Requirement |
| --- | --- |
| Access Logs / System Logs | 6 years (HIPAA, SEC) |
| Audit Logs | 6 years (HIPAA) |
| Backup Data | 7 years (IRS) |
| Contingency / DR / BC Plans | 6 years (HIPAA) |
| Discrimination Complaints | 1 year past resolution (EEOC) |
| Employment Tax Records | 4 years (IRS) |
| Financial Communications (Emails) | 6 years (SEC) |
| Hiring / Promotion / Termination | 1 year (EEOC) |
| Incident Response Records | 6 years (HIPAA) |
| OSHA Logs (Injury/Illness) | 5 years (DOL) |
| Payroll / Wage Records | 3 years (DOL) |
| Policies & Procedures | 6 years (HIPAA) |
| Risk Assessments | 6 years (HIPAA) |
| Tax Returns & Supporting Docs | 7 years (IRS) |
| Timecards & Pay Calculations | 2 years (DOL) |
| Training Records | 6 years (HIPAA) |
Note: The retention period may be measured from when the record was created or from the resolution date in the case of HR complaints and terminations. That means your data must remain accessible for years after the event it refers to.
💸 Noncompliance Is Expensive—Much More Than Storage
Many businesses see backup storage as just another IT expense. But here’s the reality: not backing up the right data for the right amount of time can cost you far more in fines, audits, and reputational damage.
Let’s look at what the law says and what it could cost you if you fail to comply:
HIPAA Violations
- Fines per violation: $100 to $50,000
- Annual cap per violation type: $1.5 million
- Example: L.A. Care Health Plan was fined $1.3 million in 2023 for multiple HIPAA violations, including failure to conduct risk assessments and retain logs.
NYDFS 23 NYCRR 500
- Penalty: Up to $1,000 per violation per day
- Example: OneMain Financial Group LLC was fined $4.25 million in 2023 for inadequate cybersecurity controls and poor risk assessments.
IRS and Financial Records
- Penalties: Up to $25,000 per year for failure to keep or furnish required records
- Audit risk: The IRS can go back up to 7 years in some cases, especially when fraud is suspected.
GLBA (Gramm-Leach-Bliley Act)
- Penalties: Up to $100,000 per violation for institutions
- Personal liability: Company officers can be fined up to $10,000 per violation
EEOC / Labor Recordkeeping
- Failure to retain employment-related records can lead to investigations, lawsuits, and lost cases due to lack of documentation. In many industries, that risk alone justifies robust archival backups.
🧾 What Does Storage Actually Cost?
Despite the risks, many companies still balk at paying for long-term storage. But the truth is, cloud-based archival storage is incredibly affordable:
You can meet most SMB regulatory data retention requirements for less than $100.00/month.
That covers secure, encrypted, policy-based storage solutions that scale with your business—without needing to buy and manage expensive hardware.
✅ Smart Storage is Risk Management
Paying for storage is not just a tech decision—it’s a business continuity and compliance investment. When you back up your data according to legal retention periods, you:
- Stay protected during audits or investigations
- Avoid costly fines and legal fees
- Preserve evidence for HR or legal disputes
- Maintain client trust and credibility
- Save your business from catastrophic loss due to system failure or ransomware
🤝 Need help determining what to keep—and how to store it?
Contact CDML Computer Services for a compliance review and custom backup strategy. We’ll make sure your business stays protected, prepared, and on the right side of the law.
📞 Contact us here: https://cdml.com/contact/
📚 Read more on our blog: https://cdml.com/blog-2
📺 Listen to our blogcasts: https://www.youtube.com/@CDMLComputerServices