Important and Sensitive Information Resides on Computer Hard Drives
- Financial Info
- Human Resources
- Social Security Numbers
- Health Information
- Banking Data
- Medical Data
- Passwords
- Tenders & Offers
- Discipline info
- Student records
- Grant apps
- Employment apps
- Sick pay
- Contracts
- Maintenance records
- Insurance
- Unpublished works
- Intellectual Property
- Private Correspondence
- Law enforcement records
- Legal records
- Investment Activity
Proper Computer Disposal Limits Liability
Ironically, the biggest burden of old computers is essentially why we love them: they remember information and can store volumes of it. But since standard disk formatting leaves most of this data intact, there is a huge risk of running afoul of a growing number of regulatory responsibilities or of having this data get into the wrong hands. Assured™ ITD helps small volume computer users manage this process.
Last year, the FTC reported that losses to victims of identity theft and to businesses and financial institutions totalled $48 billion.
Regulatory Requirements Govern Information Asset Tracking - Even After Disposal
Resource Conservation and Recovery Act
All organizations should comply with this act. Those generating less than approximately 200 lbs of solid waste per month are exempt; however, state laws in NC dictate that CRTs still be sent to an authorized facility.
Gramm-Leach-Bliley Financial Services Act
Any and all financial institutions must comply with this act, which includes organizations that lend, exchange, transfer, invest for others, or safeguard money or securities. The act stipulates stringent requirements regarding information security planning, including:
- Erase all data when disposing of computers, diskettes, magnetic tapes, hard drives or any other electronic media that contain customer information;
- Effectively destroy the hardware; and
- Promptly dispose of outdated customer information
- Proper disposal record keeping
Sarbanes/Oxley Accounting Reform and Investors Protection Act
A key underlying theme of this act is establishing corporate control structures that safeguard and ensure the accuracy of meaningful business information. Controlling access to critical financial information is required to achieve compliance. Properly documenting data retention and destruction procedures is essential.
- Institute and design a comprehensive data retention program
- Promote asset tracking - both pre- and post-destruction
- Educate all employees and staff
Health Insurance Portability and Accountability Act (HIPAA)
Any covered entity or organization dealing with protected health information (PHI) must comply. Specifically, HIPAA's Privacy Rule mandates that reasonable actions be taken to keep PHI secure.
- Reasonable measures to keep PHI private
- ...
Fair and Accurate Credit Transactions Act (FACTA)
For over 2 years, the US Federal Government has mandated that consumer credit information be disposed of in appropriate ways. According to the Federal Trade Commission, 'Any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule, a part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which calls for the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.”'
- Large and small organizations that use consumer reports
- Lenders, insurers, employers, landlords, government agencies
- Do you have this type of information on corporate computers?