Privacy Laws and Data Destruction: Why You Need to Properly Manage Your Hardware

If you ask someone what they fear losing in a breach or hack, financial/banking data, computer/network information, and identity information top the list. People are less afraid of losing their contact information or medical information. It’s your responsibility to make sure you’re meeting privacy laws and properly disposing of hardware.

Any business or organization that stores client or customer information is bound by federal laws regarding privacy and data protection. Under the Federal Trade Commission Act (15 U.S. Code 41), the FTC protects people against unfair and deceptive practices. Under that code, organizations and businesses must “establish requirements designed to protect.” If information is lost or stolen, investigations and financial restitution are also required.

The General Data Protection Regulation has led to stiff fines for violators. In March 2020, the ICO fined Cathay Pacific Airlines 500,000 Euro for a breach that took place between 2014 and 2018. The investigation into the breach found that files of travelers were not password protected. Not only that, but the company also failed to patch software and didn’t have optimal virus protection in place. These are all things companies and organizations need to think about.

What’s key to understand is that you have to do everything possible to protect consumers. This protection includes measures through hardware, software, and other means. If you’re not properly managing your hardware to meet privacy laws, including when you destroy data, you face penalties and lawsuits.

What Happens When Someone Makes an Error?

Mistakes happen and things do get stolen. It’s important to protect sensitive information and documents no matter how old they are. Never sell or donate hardware without properly wiping the data first. If employees take laptops or other electronic devices home, they need to keep them secure when they aren’t being used. Locking a laptop in a safe is one way to do this.

Secure passwords are also important. Most people know this, but using “password” or “abc123” as a password or using your employee’s name for the password is not safe. Mix uppercase and lowercase letters, numbers, and symbols and make sure the password is eight characters or longer.

Limit the number of electronic devices that are allowed to leave your offices. If they do leave the premises, keep a log of who has them and make sure those employees understand the protocol for storing items, using passwords, and keeping private records safe. Only give permission to access remote servers to staff who need it. Don’t make it a free-for-all for every employee if it’s not necessary.

Hardware often contains desirable information. The Department of Veterans Affairs learned of a theft at an at-home worker’s residence. As the stolen hardware contained names, Social Security numbers, dates of birth, and other personal information, it was a substantial theft of 26.5 million records.

Bank of America is another business that’s faced an issue with the delivery of data tapes, which caused an issue with hardware security. Tapes being delivered to a backup center disappeared. They contained the financial records of at least 1.2 million government employees. In both cases, keeping a record of equipment that’s owned, logging who takes equipment out, and having a strict set of rules regarding encryption, passwords, and storage when not in use are critical.

Failing to destroy data before selling or recycling equipment is another mistake companies make. The Idaho Power Company experienced this issue when the company sold more than 200 hard drives to a vendor. That vendor then sold dozens of hard drives on eBay. Those hard drives were found to contain names, SSNs, and other sensitive documents. Loyola University disposed of a computer without destroying data. The hard drive contained financial aid documents, student names, and SSNs.

Improper Hardware Asset Management Leads to Wasted Money

There’s another reason to consider hardware asset management. If you properly manage your hardware assets, you save money. Get the most out of your IT before you recycle it. Your employees may find that some simple upgrades are all it takes to keep a laptop or desktop running for five, six, seven years or longer.

Buying new computers every year or two may make it easier to stay current with the latest software and technology, but it also gets expensive. How do you know when it’s time to replace hardware vs. upgrading?

Speed is one factor. If your IT department is spending hours upon hours trying to get slow or frozen computers running optimally, it’s a good time to upgrade. You might have to upgrade a hard drive or graphics card or an entire system.

If computers are still functioning well but not as fast as they used to be, you might be okay keeping them running. Reinstalling drivers and clearing out old files may help improve speeds.

Security is the other key factor. If the software on the computers is outdated and no longer getting security upgrades, it’s time to invest in new hardware.

When you do upgrade your computers, printers, etc., you have to remarket or dispose of them properly. You cannot just sell them online and hope for the best. Data must be wiped from the device before anything else happens. There are five steps to e-waste recycling that should be followed for safe practices.

  1. Partner with a company that offers traceable shipping for electronics recycling.
  2. Sanitize the hardware to remove confidential information.
  3. Evaluate the hardware to see if it has value for resale either as a whole or as parts.
  4. Destroy unusable electronics in shredders.
  5. Separate glass, plastic, and metals for recycling.

When you’re buying new electronics and office items, purchasing those made with recycled materials helps keep the cycle going. You might not find entire computers made with recycled computers, but some smartphones are made in part from recycled materials. With a full-circle approach, you’re responsibly managing data protection on your office hardware and making the most of the recycled e-waste.

Is Remarketing Possible?

You need to look at your hardware and see if you really need to replace it. If so, wouldn’t it be wise to remarket that hardware? Remarketing is a smart way to buy new while recouping some of the value of your unnecessary electronics. You get money by selling refurbished devices or by selling parts that still have value.

Hard drives, graphics cards, cables, cellphones, printers, copiers, and many other electronics can put cash in your hands. Older devices may not be useful as a whole, but the parts within them can be valuable.

The recycling of electronic devices requires care. Dropping off electronics at your local landfill or recycling center may not be good enough. Ask the program what happens next. If they don’t have a clue, you need to rethink your plans. If there is the slightest chance an old printer, copier, or computer will be sold or given away to another party, there’s the chance the information on that device could be stolen.

Data must be destroyed. One way to know you’re partnering with a company with integrity is by looking for an e-recycler that holds e-Stewards, NAID AAA, and R2 certificates. Only one company holds all three, which indicates a company that focuses on data destruction and e-recycling that meets federal requirements while also protecting the environment.

ERI allows you to witness data destruction if that’s a service you need. You can also track where your e-waste is during shipping and after it reaches one of ERI’s processing centers. Trust in the knowledge that data destruction is just the first step in a recycling process. We offer electronic recycling solutions like postage-paid recycling boxes, refurbishing, and ITAD. Give us a call and let us know how we can help.