Archives

6 Reasons to Properly Dispose of Technology

September 23, 2015

dispose of technology

We’ve said this before, and we’ll keep saying it: just because used technology gets unplugged and leaves your building, that doesn’t mean the data on it dies. While ensuring that your data doesn’t end up in the wrong hands is reason enough to make sure you dispose of technology properly, it’s far from the only reason.

Look around your office. If it’s like most, it probably looks a lot different than it did five years ago. Computers, phones, copiers and just about everything else associated with office work has changed dramatically. And, they’re going to keep changing.

Technology is advancing faster than just about anybody can manage. With everyone constantly upgrading to the latest, “next best thing,” it begs the question, “what’s happening to all of the old stuff?”

There are Several Good Reasons to Dispose of Technology

Here are six reasons to do so, and all of them can affect your company’s bottom line and reputation.

  1. Criminal Penalties

As the world around us continues to demand faster and more complete access to information (better technology), there is now a more robust policing of used technology disposal.

Depending on your industry, the laws that govern how you dispose of technology can fall under one or more of the following: HIPPA (healthcare), EPA (environmental), FDA (pharmaceuticals and medical devices), FCC (broadcast and phone providers), PCI regulations (credit card data), Sarbanes-Oxley (financial services), Gramm-Leach-Bliley (banking) , PII (personally identifiable information) and FACTA (credit reports).

The repercussions of criminal penalties go without saying and can impact each of the remaining reasons we list.

  1. Executive Fines and Incarceration

With information being such a high value commodity in this technological age, punishments are now catching up to the heft of the crime. Companies are now tasked with responsibly disposing of their used technology. Cavalier behavior with information can now lead to huge fines and even jail time depending on the case.

  1. Civil Penalties

Civil penalties are fines imposed by government agencies as restitution for wrongdoing. Check any business page or television news broadcast and it won’t take you long to realize that both State and Federal agencies are recognizing the growing exposure related to information security. Fines can add up quickly and not only damage your company’s bottom line, but your reputation as well. 

  1. Litigation Costs

One of the misconceptions with technology disposal is that all liability for data is transferred once technology exits. Too often that’s not the reality, and it’s the reason many companies are blindsided by cases even when they believed that things had been done correctly. Nobody wants litigation because that can get expensive very quickly.

  1. Diminished Stock Prices

Perception is almost as powerful as reality when it comes to the value of stocks. Any of the above can lead to a negative perception of your company, whether it’s founded or not. If the perception of your company is diminished, your company’s stock will be as well.

  1. Public Relations Fallout

The old adage that any publicity is good publicity doesn’t hold true here. Your company’s reputation is damaged if any of the above events occur. As technology becomes increasingly integrated into our daily business and private lives, data security is more important than it’s ever been. Understand your responsibility and ensure that old technology is disposed of properly. Your reputation depends on it.

Maxxum Recertified as a NAID® AAA Information Destruction Operations Provider

August 4, 2014

NAID-AAA-CertLOGO

 

Recertification and new leading-edge service offerings help organizations satisfy rigorous electronic information protection and data destruction requirements

Minneapolis / St. Paul., MN – Maxxum Inc., a leading IT asset disposition solutions provider, has been recertified as a NAID® (National Association for Information Destruction) AAA Certified provider of Asset Disposition services – namely computer hard drive sanitization, as well as mobile and plant-based physical destruction of hard drives. The NAID AAA Certification Program establishes stringent standards for a secure information destruction process, including such areas as operational security, employee hiring and screening, documented processes responsible disposal and insurance. Working with a NAID AAA certified vendor gives organizations peace of mind know that all of their information destruction legal requirements are satisfied.

“Data protection and destruction is an increasingly significant and complex issue for our clients, and with NAID AAA Certified asset disposition services and other leading edge data security services Maxxum is well positioned to help these organizations protect their sensitive information while satisfying rigorous regulatory requirements,” says Rich Woodward, president and owner, Maxxum.

The enforcement of data privacy laws, often accompanied by significant fines, is becoming more prevalent, and over the past two years Maxxum’s client base has grown some 30 to 40 percent as organizations look for help not just with satisfying data destruction requirements, but establishing sound policies and procedures to keep sensitive data secure throughout the IT lifecycle.

“Where two years ago most of our clients were based in the Upper Midwest, today we work with organizations throughout the United States and even into Canada, providing a variety of value-added services to help them efficiently and effectively solve diverse data and IT equipment protection needs,” says Woodward. “We’ve also hired additional personnel to help keep pace with the growing demand for service.”

About NAID

NAID is the non-profit trade organization of the secure destruction industry. Founded in 1994, its mission is to promote proper destruction of all forms of discarded media containing personal and proprietary information. NAID has forged strong relationships internationally with policymakers and regulators, produces an extensive catalog of guidance publications, and enforces security standards for the secure destruction industry around the world.

About Maxxum

With secure, modern facilities located near Minneapolis/St. Paul, Minnesota, Maxxum is an IT lifecycle management consulting firm that works with a strong network of clients, suppliers, and recyclers to provide cost effective IT Asset Disposition solutions throughout North America.

As a NAID AAA Certified entity, Maxxum is committed to providing the best customer service in the industry. As IT lifecycle management consultants, every program Maxxum creates is fully customized to meet the specific needs of each client. Maxxum uses industry best practices to sanitize computers and information hearing devices, complete with Certifications of Destruction, as outlined by the Department of Defense Data Security Standard and the National Institute of Standards & Technology (NIST) Guidelines. Maxxum has a strict no-landfill policy.

Maxxum Inc., 1350 South Field Avenue, Rush City, MN 55069; 651-674-2715; www.maxxuminc.com.

Laptop Stolen from Hospital

June 1, 2014

LucilePackardChildrensHospitalLogo

The incident was reported to the hospital by an employee on May 8, 2013. A password-protected, non-functional laptop containing limited medical information on pediatric patients was stolen from a secured, badge-access controlled area of the hospital. Immediately following discovery of the theft, Packard Children’s launched an aggressive and ongoing investigation with security and law enforcement.

To date, there is no evidence that any pediatric patient data has been accessed by an unauthorized person or otherwise compromised.

The computer was outdated and damaged, thus on a schedule for collection by information technologists. Despite a law enforcement investigation, in collaboration with the Stanford Department of Public Safety and Hospital Security, the laptop has not been recovered yet.

The information that could potentially have been on the stolen computer relates to some operating room schedules over a three-year period beginning in 2009. Although Packard Children’s is not certain which operating schedules would have been on the computer, out of an abundance of caution, 12,900 potentially affected patients are being notified by mail, though there is no indication any patient information has been accessed or compromised.

The information did not include financial or credit card information, nor did it contain Social Security numbers, insurance numbers or any other marketable information. The information on the operating room schedule that potentially could have transferred to the computer would have been patient name, age, medical record number, telephone number, scheduled surgical procedure, and names of physicians involved in the procedure.

The hospital is offering a year of identity theft protection at no cost to potentially-affected families that wish to have it, and is establishing a call center to answer questions from families. The toll-free number is (855) 683-1168, and is available Monday through Saturday from 6 a.m. to 6 p.m. PST.

Lucile Packard Children’s Hospital strives to be an industry leader in the area of medical information security. As a result of this incident, we are taking additional steps to further strengthen our policies and controls surrounding the protection of patient data to reduce the chance that an incident of this type will happen again.