A data custodian must take all reasonable steps to protect any spatial information in its custody, including but not limited to—
| (a) | the encryption of hardware and spatial information; |
| (b) | the implementation of relevant access levels including usernames and passwords; |
| (c) | the reliable backup of the data in its custody at least every seven days; |
| (d) | the implementation of network security measures such as firewalls; and |
| (e) | the regular duplication of its database and safekeeping thereof, to any other appropriate source other than the source in daily use. |
