Well, IANAL. I think you already covered the most important point: store backups on hardware/services under the control of your employer/client.
I would document the backup process and communicate it to my manager/client with a mail like "hey, I set up backups, they are stored at <server>, docs are in the wiki".
Other potential issues: causing unauthorized costs ("who stored 10TB on S3?") or privacy violations, e.g. when working with healtcare or payment data.
I would document the backup process and communicate it to my manager/client with a mail like "hey, I set up backups, they are stored at <server>, docs are in the wiki".
Other potential issues: causing unauthorized costs ("who stored 10TB on S3?") or privacy violations, e.g. when working with healtcare or payment data.