Security

Archive Article:

Privacy Act Compliant Disposal of Old Computers

For businesses that are seeking to dispose of obsolete computers responsibly and also comply with the different privacy act regulations, we at Staple Bench Computers can help. We ensure that your data will be destroyed because our process includes destroying the old computer hardware, including hard drives and RAM/ROM chips, and re-processing the plastic, metal, and glass for re-use; we do not just refurbish and resell systems and components.
Staple Bench Computers can dispose of obsolete computer equipment in a responsible and compliant manner for several reasons:

Staple Bench Computers stores all systems in a safe and secure area prior to the disposal of obsolete hardware.
Staple Bench Computers destroys the old computer hardware; we do not refurbish and resell the computer components, including but not limited to the hard drives and RAM/ROM chips.
Staple Bench Computers can certify that the hardware and data are destroyed in compliance with the Privacy Act laws, because ONE person handles these procedures for the company.

Obsolete computers that have proprietary data stored on them are most often not considered when companies are developing their privacy and data security plans. With today's forensic capabilities, a hard drive that has been erased or 'cleaned' is not guaranteed to have no traces of the previous information on it. CIOs need to keep the privacy and security issues in mind while they are developing their overall plans, and need to budget accordingly. A company that uses compliant methods for the disposal of obsolete computer hardware should be used, since donating or refurbishing/reselling old computer hardware is considered a violation of the newest privacy acts.

The compliant disposal of outdated systems is seemingly more difficult because companies are storing operational and non-operational systems on which the software is so dated that they are rendered unusable. For computers that are operational but are running extremely old operating systems, such as DOS, the options for wiping the drives clean of data are limited. Non-operational computers have to be returned to working condition before they can be disposed of properly, which is an added expense companies face. Many companies are unaware that the RAM and ROM chips store data as well as the hard drives, so when disposing of old hardware, those too must be included, since the information they may be storing can include names, addresses, social security numbers, credit card numbers, etc. In today's world, where corporate espionage and identity theft are so common, it is extremely important to dispose of your obsolete computer hardware in a compliant manner in order to help further protect your company, employees, and customers to the highest degree. Not complying with the new privacy laws is not an option for companies that do not want to incur fines and possible prosecution.

If a hacker were to come across a computer whose hard drive a company had decided to just have 'cleaned', they would have the ability to recover any of the information possibly left on that drive. They would be able to take their time, and wouldn't have to worry about having their tracks traced or monitored. The company would be clueless as to the damage that could be done from the recovery of this information, until it was too late. Since the only guarantee that information on an old or obsolete computer doesn't get into the wrong hands is turning it into a lump of molten metal and glass, it is extremely important to follow proper procedures in disposing of the information, because even an inexperienced hacker could recover information given an unlimited supply of time.

Most companies are affected by the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act of 2002, and HIPAA, since these laws do not apply only to financial institutions and medical practices. Since the privacy of financial and medical information is covered by these laws, even regular companies are required to follow these guidelines when disposing of old computers, if they keep 401k and medical information regarding their employees. CIOs should take a "better safe than sorry" attitude when it comes to this issue, in an attempt to protect their employees and the company from fines and prosecution.