Well, IANAL. I think you already covered the most important point: store backups on hardware/services under the control of your employer/client.
I would document the backup process and communicate it to my manager/client with a mail like "hey, I set up backups, they are stored at <server>, docs are in the wiki".
Other potential issues: causing unauthorized costs ("who stored 10TB on S3?") or privacy violations, e.g. when working with healthcare or payment data.
I've done this before and I just email it to myself using the company email account. This way nothing leaves the workplace. Also, no financial transaction data was in the db as it was a simple WordPress blog.
If it stored credit card data or other important stuff I'd take a look at what PCI compliance says you have to do for your backups and follow that.