WORM storage stands for Write Once Read Many. As organizations create massive amounts of data, more often than not they’ll need to store some that data in a permanent way. For example, a non-profit might want to store its financial data, or a university might want to store graduation records this way in case of any unexpected mishaps or data losses. The most common way to store unalterable data is called write once read many, or WORM storage.
The easiest explanation for Write Once Read Many storage is that it’s unchanging storage. You can write data to the storage device or media exactly one time. That’s it. After that, no one can alter the data in any way. A very simple form of WORM storage is a CD-R disc. Imagine making a mixtape for your upcoming road trip with your friends. You put all your favorite songs on the blank disc, but they’re on that disk forever. Sure, you can scratch or destroy the disc so someone else can enjoy your beloved jams, but you can’t change the songs that are on it. WORM storage allows unlimited readings of the data, assuming the data storage device isn’t damaged.
Can WORM Storage Lead to Data Loss?
A very real fear that some have about WORM storage is data loss.
Let’s say you copy something to a WORM storage device to ensure it cannot be altered. If you store it on-site and something happens to you building, all of your data could potentially be lost for good. You need to plan ahead if you’re committed to physical data storage. This is also where the 3-2-1 backup rule comes into play. To be safe you should have three copies of your data, with two copies on different forms of media, and one of those copies stored off-site.
Most likely your business is not required to utilize WORM storage, unless you are in the securities or healthcare industries, which then fall into the SEC and HIPAA rules and regulations. However, legal requirements aren’t the only reasons to make use of WORM storage. If you want to archive records of historical value, WORM storage makes a lot of sense. It can also be used as a way to protect proof of trade secrets or intellectual property.
HOW CAN WORM HELP MEET REGULATIONS AND AVOIDING FINES?
Most organizations implement WORM storage to meet some regulatory requirement. Securities and Exchange Commission rule 17a-4 requires brokers and dealers to retain protected financial data such as account numbers, credit cards and transaction details for a period further specified by the Commission. Brokers and dealers must keep some information for five to seven years or longer to meet FINRA rules. The finance industry uses WORM-compliant storage for this purpose.
When finance data changes or disappears, FINRA and the Securities and Exchange Commission can levy fines and penalties against the data’s caretakers. Penalties can be millions of dollars. In 2016 alone, FINRA fined 12 organizations $14.4 million for failing to protect records against alteration, which they could have done using WORM-compliant storage.
Corporations use WORM storage to comply with the Sarbanes-Oxley Act as it relates to long-term, unalterable data storage. Healthcare providers use WORM-compliant technologies to preserve elements of medical records that the HIPAA act protects. In both cases, data caretakers who fail to meet these requirements can face fines and penalties.