Years ago, a top security company surprised several ITAD companies by suggesting data that loses its value years from now is an important consideration when determining how careful you are with data destruction. If the information isn’t highly valuable, they suggested the “bare minimum” is acceptable.
It wasn’t the right approach. Guessing whether or not today’s confidential information will still be valuable to thieves and hackers is never okay. As a business owner, it’s your responsibility to ensure your clients, workers, or associates’ private information is kept confidential. Do you want to gamble with your company’s reputation?
So many people don’t understand the intricacies of recycling electronics in a way that completely destroys data. Are you falling for some of these common misconceptions?
Just Because You’re Not Required, Doesn’t Mean It’s Worth the Risk
The FTC’s Disposal Rule requires information that’s used in consumer records and reports to be correctly disposed of. The rule is in place to eliminate the risk of “unauthorized access or use of the information.” The Disposal Rule covers the organizations and businesses that must follow this rule. They include:
- Anyone who pulls credit reports, such an individual hiring caregivers
- Banks, lenders, debt collectors, and other financial companies
- Consumer reporting agencies and credit bureaus
- Employers
- Government agencies
- Insurance agents and companies
- Landlords and property management firms
- Lawyers and law firms
- New and used car dealerships
- Private investigators
You also have HIPAA rules protecting patient information. Doctors, medical offices, nurses, etc., must be conscientious that this confidential information is appropriately disposed of. Proper disposal is defined as:
- Burning, pulverizing, or shredding paper documents
- Destroying or erasing electronic files and devices to prevent the information from being read or recovered
What if you’re in a business that doesn’t appear on this list? You don’t have to follow these guidelines, right? Wrong! The best practice is to err on the side of caution. If there are any papers or files you have for clients that could contain private information, it’s best to dispose of them properly.
Remember the breach a few years ago where the Marriott learned hackers accessed information like passport numbers, frequent flier information, hotel loyalty rewards information, and gender. People may not think that personal data isn’t much of a threat. However, it could be used to personalize phishing scams. It may not lead to government fines, but it could lead to costly lawsuits.
Don’t Assume You Will Not Be Part of a Theft
Here’s some food for thought. Worldwide, businesses and organizations lose about $1.8 million every minute to cybercrime. More than half a million records were compromised. The average cost of a breach is more than $7 per minute.
You can’t assume you’re safe. You may not think your business has information that’s valuable to someone else, but what if you are wrong? What if the addresses and phone numbers you store are valuable to a scammer? Do you want to risk your reputation on a theft that you could have prevented by destroying data and recycling your electronics?
You must be proactive. To do that, hire experts in data destruction. If you eliminate the chances of private information being stolen from unused or outdated electronics, you reduce potential cybercrime against your company or organization.
Only Computers Require Destruction
Computers are not the only electronics that you should destroy. All office equipment can store private information. A printer keeps a record of the things you print out. If it’s a multi-function printer, it holds everything you copy and print out. Fax machines also store images that are sent or received.
If you’re only sending your computers to a company to have the data destroyed, you’re making a big mistake. You must destroy data on phones, fax machines, printers, copiers, cash registers, imaging machines, etc.
What’s the Best Way to Destroy Data?
Overwriting, reformatting, or erasing data from your drives isn’t enough. If you’re using factory resets and thinking your data is gone, you’re wrong. A factory reset, erase/delete function, or overwrite removes the pathway to the information, but the data is still there for someone with the knowledge to get back. Think of it like this. You have a sidewalk from your front door to the driveway. If someone removes the sidewalk, you can still get to the driveway; you just need to create a new path.
Have you heard of degaussing? Many assume this is a type of overwriting. It’s not. Degaussing is a secure sanitization method recommended by the NSA. Degaussing uses the power of magnets to destroy information on the magnetic disk drives and tapes and render it irretrievable.
The absolute best way to destroy data is by degaussing and then shredding or crushing the device. Think of shredders as a giant paper shredder that pulverizes metals, plastics, and glass. It will chop an electric device into small pieces where they can be sorted into plastic, metal, and glass components and recycled.
Don’t Think You Can Just Pulverize and Throw Away Broken Electronics
One of the biggest misconceptions we hear is that it’s okay to throw out electronics after breaking up a hard drive. If you smash it into pieces so that it is beyond repair, it’s okay to trash it.
This is the most irresponsible thing that can happen. While many states do not have specific laws against throwing away electronics, the EPA does have laws against hazardous waste disposal. Electronics contain heavy metals like lead and mercury. They have plastics that don’t break down in landfills. They also have gold, silver, copper, and many other metals. Those metals and toxins can seep into the soil and groundwater and cause irreparable damage to people and animals.
There’s another thing to consider. To meet regulations, you have to prove that you’ve destroyed data. A certificate of destruction is essential. If you’re not partnering with an ITAD provider specializing in data destruction to get that certificate and something goes wrong, you could be in a lot of trouble with regulators. Are you willing to risk your business?
Carefully Choose Your ITAD Provider
How do you know if you’re partnering with a responsible, effective data destruction provider? Look for providers who specialize in both IT asset disposition (ITAD) and data destruction. ITAD providers can help you destroy data following the level of data destruction your business requires. They can help you remarket any electronics that still have value, enabling you to recover the cost of ITAD services. You also want a company that focuses on a low carbon footprint to protect the environment.
ERI can do all of that and more. We recycle almost every electronic there is. We hold certifications from e-Stewards, R2, and NAID. What does that guarantee? It means we guarantee to recycle responsibly and correctly. We follow government guidelines, use secure shipping and tracking methods, and do not send any of our electronic waste to other countries. It’s all processed at one of our eight U.S. facilities. Real-time tracking allows you to always know where your items are. If your preference is to watch the electronics get shredded, it’s an option.
Even better, destroy data in-house. You’ll watch the process happen and know that it’s thoroughly destroyed. There’s no question remaining. ERI is happy to destroy data at your place of business if that’s better for your needs. Call or email us to learn more.