Maxxum Insured by Downstream Data Coverage

March 8, 2016


Maxxum has always taken our responsibilities as a secure data destruction service provider very seriously. It’s why we’re proud to be AAA NAID certified—a program that establishes standards for secure data and equipment destruction processes.

These NAID (National Association for Information Destruction) standards include:

  • Operational Security
  • Employee Hiring and Screening
  • Audited by Independent 3rd Party
  • Documented Process
  • Data Destruction Insurance (best practices)

Maxxum passed a strict audit to become NAID AAA certified and has agreed not only to be recertified every year, but also to pass random audits during the course of the year.

Working with an asset disposal company that is NAID AAA certified should first and foremost bring peace of mind to an organization. With data breaches and information theft making headlines far too often, it’s a HUGE relief for companies to partner with an organization like Maxxum, who will make sure they receive documented transfer of custody and indemnification from their technology assets.

Ensuring Data Security One Step Further with Downstream Data Coverage

Maxxum is now taking that peace of mind one step further for their customers as a “best practices” initiative. We’re now insured by Downstream Data Coverage, the only professional liability coverage developed specifically by NAID for data destruction services.

From the Downstream Data Coverage website:

“Data-related service providers obtain professional liability insurance to protect themselves and to ensure they can cover their financial liabilities to their clients.  When a service provider purchases an inadequate professional liability policy, they not only put themselves at risk, they also leave their customer exposed.  Downstream Data Coverage seeks to make sure that doesn’t happen.”

This specialized policy addresses many of the shortcomings of standard professional liability coverage that leave service providers and their customers at risk.

Downstream Data Coverage is only available to service providers that are subject to the routine announced and unannounced audits of NAID AAA certification. This means that not only is the service protecting the customer with quality professional liability insurance, the service provider is also operating under the scrutiny of outside auditors trained specifically for that purpose.

Too many technology asset destruction service providers rely on off-the-shelf professional liability coverage because they have had no other alternatives. Many times that coverage still leaves companies without the full coverage they seek.

Many customers remain at risk, because their service provider would not be able to effectively cover their liability. At Maxxum, we are proud to ensure our processes meet the high standards needed for proper technology asset disposal and data destruction; with Downstream Data Coverage, we’ve just taken it one step further.

4 Questions to Ask Your Technology Disposal Company

November 3, 2015


When you’re ready to dispose of your old technology assets, do so with the support and guidance of people whose job it is to stay on top of the ever-evolving regulatory and security requirements: a certified compliant and dependable technology disposal company.

4 Things You Need to Know About Your Technology Disposal Company

We’ve outlined a few questions to ask your technology disposal company:

1. Are they certified for data destruction and environmental compliance?

With so many stories about data breaches and information leaks dominating the news over the last few years, most organizations are a little spooked about how they’re disposing of their used technology assets.

You may be vulnerable to legal ramifications if you don’t dispose of your data and drive assets properly. If your sensitive data leaks, you’ll have to answer to the law and your customers. Financial penalties can be quite harsh, and a tarnished reputation can have long-term ramifications.

Environmental compliance laws have become far more strict over the last decade, and getting hit with environmental penalties is a bad “look” for any organization. Now more than ever, it’s important to vet a technology asset disposal company to ensure they have industry certifications for both security and environmental compliance.

2. Do they understand the resale market?

Your technology asset disposal company should know the resale market inside and out in order for your organization to get the best return on the equipment it’s retiring.

PCs, laptops, and servers that are less than three to four years old retain value, even if they’re no longer of use to your company. If you’re ready to dispose of your technology assets, why not recover that value? Remarketing your technology assets is an opportunity to recoup some of the initial investment or cover some or all of the disposal costs.

Your technology asset disposal company should understand price trends on the resale market and help your organization plan ahead and determine when your assets will turn from revenue generators to cost creators. They should help you plan to refresh your technology cycles to ensure that you get the optimum value on your old equipment.

3. How do they document data destruction and disposal?

Find out from any potential provider how they document their full process. There are too many factors along the way during the disposal process that could find your organization liable for mistakes made by your provider.

Disposing of data can have security, financial, and software asset management implications. Proper documentation can shield your company from financial and legal penalties. You should be provided with a Certificate of Data Destruction and a detailed inventory report, as well as a report to show the environmental impact that your responsible recycling is having.

4. Can they serve all of your locations?

Technology asset disposal can be a pretty complicated matter. From drive sanitization to environmental compliance, there are numerous reasons to rely on a proven and trusted technology disposal company.

Don’t forget to ask about logistics. Your vendor has to have experience that allows them to serve all of your sites and the logistical capability to properly handle all of your assets.

If you have multiple locations, make sure you hire a disposal company that can handle your work load and that understands the different regulations that might be in play in each of your locations.

 

TD Bank to Pay Second Breach Penalty

December 9, 2014

Massachusetts Cites Bank for Tardy Notification

By , December 8, 2014. Follow Jeffrey @gen_sec

TD Bank has agreed to a second state settlement tied to a data breach involving the loss of two backup tapes that may have exposed personally identifiable information for 260,000 of the bank’s 8 million U.S. customers.

The $625,000 settlement with the Massachusetts attorney general is separate from an earlier, $850,000, nine-state settlement (see: TD Bank Agrees to Breach Settlement). Massachusetts pursued its own investigation because the breach occurred in that state and affected a large number of its residents, a spokesperson for the attorney general tells Information Security Media Group.

The Latest Settlement

In the Massachusetts settlement, Attorney General Martha Coakley said the breach exposed the personal information of more than 90,000 Massachusetts customers.

Coakley alleged that TD Bank violated the state’s data breach notice law by delaying providing notice of the March 2012 incident until October 2012. Under Massachusetts law, breached entities are required to provide written notice “as soon as practicable and without unreasonable delay.”

“Businesses are required to secure the sensitive information that consumers entrust to them, and cannot subject consumers to unnecessary risk by failing to provide prompt notice when that information is compromised or lost,” Coakley says.

TD Bank, in a statement, says it has been continually enhancing its technologies and processes to better protect the personal information of its customers. “This agreement highlights our efforts to evolve our security controls to further benefit our customers,” says Judith Schmidt, a TD Bank spokesperson. “TD Bank has settled with the attorneys general in an effort to resolve this issue.”

Under the Massachusetts settlement, TD Bank will pay $325,000 in civil penalties, $75,000 in attorney’s fees and costs, and $225,000 to a fund administered by the attorney general’s office to promote education or to fund local consumer aid programs.

In addition, TD Bank has agreed to give prompt notice of future data breaches and to comply with Massachusetts data security regulations, which mandate that organizations encrypt personal information stored on back-up tapes; require third-party service providers to implement and maintain appropriate security measures; and review the security practices and procedures of third-party providers entrusted with personal information.

Backup Tapes Lost

TD Bank reported in October 2012 that two unencrypted backup tapes, which contained 1.4 million files on 260,000 bank customers nationwide, were lost (see: TD Bank Breach Response Questioned). The bank, in its breach notification letter, said the tapes, which contained personal information, were misplaced in late March of 2012 while in transit to one of the bank’s Massachusetts locations.

The information on the tapes may have included names, addresses, Social Security numbers, account numbers and/or other data elements, such as dates of birth or driver’s license numbers, the bank says. As a result, TD Bank offered affected customers 12 months of free credit monitoring services, although the bank advised its customers to monitor their accounts for 24 months.
