As a business leader, it’s your responsibility to ensure that your clients’, workers’, or associates’ private information is kept confidential. Many are not aware of the intricacies of recycling electronics in a way that completely destroys data.
JUST BECAUSE YOU’RE NOT REQUIRED, DOESN’T MEAN IT’S WORTH THE RISK
The FTC’s Disposal Rule requires information that’s used in consumer records and reports to be correctly disposed of. The rule is in place to eliminate the risk of “unauthorized access or use of the information.” The Disposal Rule covers the organizations and businesses that must follow this rule. They include:
• Anyone who pulls credit reports, such an individual hiring caregivers
• Banks, lenders, debt collectors, and other financial companies
• Consumer reporting agencies and credit bureaus
• Employers
• Government agencies
• Insurance agents and companies
• Landlords and property management firms
• Lawyers and law firms
• New and used car dealerships
• Private investigators
You also have HIPAA rules protecting patient information. Doctors, medical offices, nurses, etc., must be conscientious that this confidential information is appropriately disposed of. Proper disposal is defined as:
1. Burning, pulverizing, or shredding paper documents
2. Destroying or erasing electronic files and devices to prevent the information from being read or recovered
The best practice is to err on the side of caution. If there are any papers or files you have for clients that could contain private information, it’s best to dispose of them
properly.
DON’T ASSUME YOU WILL NOT BE PART OF A THEFT
Worldwide, businesses and organizations lose about $1.8 million every minute to cybercrime. More than half a million records were compromised. The average cost of a breach is more than $7 per minute.
You can’t assume you’re safe. You may not think your business has information that’s valuable to someone else, but what if you are wrong? What if the addresses and phone numbers you store are valuable to a scammer? Do you want to risk your reputation on a theft that you could have prevented by destroying data and recycling your electronics?
To be proactive, hire experts in data destruction. If you eliminate the chances of private information being stolen from unused or outdated electronics, you reduce potential cybercrime against your company or organization.
DON’T THINK THAT ONLY COMPUTERS REQUIRE DESTRUCTION
Computers are not the only electronics that you should destroy. All kinds of office and home equipment can store private information. A printer keeps a record of the things you print out. If it’s a multi-function printer, it holds everything you copy and print out. Fax machines also store images that are sent or received.
If you’re only sending your computers to a company to have the data destroyed, you could be making a big mistake. You must destroy data on phones, fax machines, printers, copiers, cash registers, imaging machines, etc.
DON’T THINK YOU CAN JUST PULVERIZE AND THROW AWAY BROKEN ELECTRONICS
One of the biggest misconceptions we hear is that it’s okay to throw out electronics after breaking up a hard drive. If you smash it into pieces so that it is beyond repair, it’s okay to trash it.
This is the most irresponsible thing that can happen. While many states do not have specific laws against throwing away electronics, the EPA does have laws against hazardous waste disposal. Electronics contain heavy metals like lead and mercury. They have plastics that don’t break down in landfills. They also have gold, silver, copper, and many other metals. Those metals and toxins can seep into the soil and groundwater and cause irreparable damage to people and animals.
CAREFULLY CHOOSE YOUR ITAD PROVIDER
How do you know if you’re partnering with a responsible, effective data destruction provider? Look for providers who specialize in both IT asset disposition (ITAD) and data destruction. ITAD providers can help you destroy data following the level of data destruction your business requires. They can help you remarket any electronics that still have value, enabling you to recover the cost of ITAD services. You also want a company that focuses on a low carbon footprint to protect the environment.
Kate Fazzini is director of security operations and engineering at Ziff Davis; and an adjunct professor of cybersecurity at Georgetown University.
John Shegerian is co-founder and Chairman/CEO of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company.