Security
Archive Article:
Privacy Act Compliant Disposal of Old Computers
For businesses that are seeking to dispose of obsolete computers responsibly
and also comply with the different privacy act regulations, we at Staple Bench
Computers can help. We ensure that your data will be destroyed because our
process includes destroying the old computer hardware and re-processing the
plastic, metal, and glass for re-use, including hard drives and RAM/ROM
chips. We do not just refurbish and resell systems and components.
Staple Bench Computers can dispose of obsolete computer equipment in a
responsible and compliant manner for several reasons:
Staple Bench Computers stores all systems in a safe and secure area prior to
the disposal of obsolete hardware.
Staple Bench Computers destroys the old computer hardware; we do not
refurbish and resell the computer components, including but not limited to
the hard drives and RAM/ROM chips.
Staple Bench Computers can certify that the hardware and data are destroyed
in compliance with the Privacy Act laws, due to the fact that ONE person
handles these procedures for the company.
Obsolete computers that have proprietary data stored on them are most often
not considered when companies are developing their privacy and data security
plans. With today's forensic capabilities, a hard drive that has been erased
or 'cleaned' is not guaranteed to have no traces of the previous information
on it. CIOs need to keep the privacy and security issues in mind while they
are developing their overall plans, and need to budget accordingly. A
company that uses compliant methods for the disposal of obsolete computer
hardware should be used, since donating or refurbishing/reselling old
computer hardware is considered a violation of the newest privacy acts.
The compliant disposal of outdated systems is seemingly more difficult
because companies are storing both operational and non-operational systems
whose software is so dated that they are rendered unusable.
For computers that are operational but are running extremely old operating
systems, such as DOS, the options for wiping the drives clean of data are
limited. Non-operational computers have to be returned to working
condition before they can be disposed of properly, which is an added expense
companies face. Many companies are unaware that the RAM and ROM chips store
data as well as the hard drives, so when disposing of old hardware, those
too must be included, since the information they are storing may include
names, addresses, social security numbers, credit card numbers, etc. In
today's world where corporate espionage and identity theft are so common, it
is extremely important to dispose of your obsolete computer hardware in a
compliant manner in order to help further protect your company, employees,
and customers to the highest degree. Not complying with the new privacy laws
is not an option for companies that do not want to incur fines and possible
prosecution.
If a hacker were to come across a computer whose hard drive a company decided
to just have 'cleaned', they would have the ability to recover any of
the possible information left on that drive. They would be able to take
their time, and wouldn't have to worry about having their tracks traced or
monitored. The company would be clueless as to the damage that could be done
from the recovery of this information, until it was too late. Since the only
guarantee that information on an old or obsolete computer doesn't get into
the wrong hands is turning it into a lump of molten metal and glass, it
is extremely important to follow proper procedures in disposing of the
information, because even an inexperienced hacker could recover information
given an unlimited supply of time.
Most companies are affected by the Gramm-Leach-Bliley Act, the
Sarbanes-Oxley Act of 2002, and HIPAA, since
these laws do not only apply to financial institutions and medical
practices. Since the privacy of financial and medical information is covered
by these laws, even regular companies are required to follow these
guidelines when disposing of old computers, if they keep 401k and medical
information regarding their employees. CIOs should take a "better safe than
sorry" attitude when it comes to this issue, in an attempt to protect their
employees and the company from fines and prosecution.