Why The USA PATRIOT Act Requires High Availability and Disaster Recovery

An up-close photo of a section of the American flag

August 17, 2017 Disaster Recovery Blog, High Availability Blog Articles, Regulatory Compliance Blog

The USA PATRIOT Act might have been developed to combat terrorism and money laundering, but its stipulations for record keeping, reporting, and data availability are still wide-ranging and strict. Learn how these rules affect your data and avoid serious consequences – both legal and financial.


The USA PATRIOT Act (2001)

The USA PATRIOT Act, short for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (try saying that three times fast), was developed primarily “To deter and punish terrorist acts in the United States and around the world, [and] to enhance law enforcement investigatory tools.” Established after the tragic events of 9/11, the USA PATRIOT Act highlights today’s growing need for cyber security, for more reasons than just financial motivators.  

Now you might be wondering, “I’m not affiliated with terrorism, and my company isn’t involved in money laundering – so what does the PATRIOT Act have to do with little old me?” (I know, it’s almost like we read your mind.) 

While many parts of the Act were meant to be temporary, few actually fell into disuse. Many of these regulations that are still in place – specifically in Title III of the Act – have serious demands for record-keeping and reporting, and necessitate the availability of that information with very short notice.


How The USA PATRIOT Act Affects You

Title III of the Act is perhaps the most influential for data availability and security. Section 319 requires that financial institutions make any and all requested information available within 120 hours – that is, only 5 days. Since the Act doesn’t specify this time as “business hours,” it’s safe to assume that period includes weekends and holidays. This requirement applies to all financial institutions in the U.S., including foreign institutions that have a site located on U.S. soil.

Meanwhile, Sections 321 and 359 require that financial institutions, as well as any person who engages “as a business” in the transmission of funds, record and report all transactions involving monetary instruments (like bank checks, traveler’s checks and money orders). Section 353 addresses the necessity of having adequate records for geographic targeting orders (GTOs, or orders that require financial institutions within certain geographic areas to disclose their transactions), and expanded the length of these records from 60 to 180 days.

Overall, the Act greatly expands the range of data that must be available and accessible on demand. This means stricter timelines for disclosure, and penalties for failure to do so.


The Solutions You Need To Be Compliant

The USA PATRIOT Act requires that companies have data that is accessible on short notice. It also necessitates the integrity of your data; if your data stores are not secure and unalterable, or protected from unauthorized access, this can make meeting compliance impossible.

This Act makes secure record-keeping a necessity, but you will also need high availability (HA) solutions to ensure that your systems and data are always available and accessible. Without HA, you risk having your systems offline right when you’re asked to disclose critical information (and let’s be honest, it’s always at times like this when things go wrong). You will also need disaster recovery (DR) solutions in place, since lost data would make meeting compliance simply impossible.

Considering the severe nature of the crimes the Act is intended to prevent, this is not an area where you want to skimp on your data security and availability solutions. Since the PATRIOT Act is designed to combat terrorism, money laundering, and other severe offenses, failure to meet compliance will cast real suspicion on your company’s operations. Resulting in lowered stock values, hesitancy to invest, customer skepticism, and a bad reputation, suspicion could be much more devastating in the long run than any legal or financial penalties you could face.


In this series we outline how 5 of today’s biggest regulations affect your company’s information security and availability.

If you’re interested in seeing how other regulations affect your data, check out:

  1. The Gramm-Leach-Bliley Act (GLBA)
  2. The Sarbanes-Oxley Act (SOX) 
  3. HIPAA 
  4. Basel II


For more information on how to keep your data secure, available and compliant for regulations like the USA PATRIOT Act, contact us today at 317-707-3941.


Back to blog list