A data custodian must take all reasonable steps to protect any spatial information in its custody, including but not limited to—
| (a) |
the encryption of hardware and spatial information; |
| (b) |
the implementation of relevant access levels including usernames and passwords; |
| (c) |
the reliable backup of the data in its custody at least every seven days; |
| (d) |
the implementation of network security measures such as firewalls; and |
| (e) |
the regular duplication of its database and safekeeping thereof, to any other appropriate source other than the source in daily use. |