Archives

Maxxum Conducts Tech Disposal Research Study

February 3, 2016

tech disposal research study

Maxxum recently conducted a tech disposal research study with a simple objective in mind: We wanted to understand your world and how we can make technology disposal easier and safer given the challenges you face in today’s digital environment.

The overriding result of this study revealed that organizations still engage in risky technology disposal behavior, even as data breaches continue to increase in frequency and severity. We were quite happy to find that Maxxum customers rate our services more positively as compared to other technology companies, especially in the key areas of recycling, security, and compliance— which are cited as the most meaningful to organizations.

In this ever-evolving digital age it’s increasingly important to dispose of technology assets using a safe and compliant program. At Maxxum, we’re committed to helping you retire your technology in a documented, secure, and sustainable way.

Tech Disposal Research Proves the Importance of Proper Asset Disposal

Our tech disposal research study gathered responses from highly regulated/risk adverse organizations including health care, insurance, medical device MFG, financial services and education.

The most alarming data uncovered from our research is that 40 percent of respondents stated that they use disposal methods outside of a professional tech disposal service, including equipment donations and giving away old computers, monitors, etc. to employees. Just because your office is done with a computer, that doesn’t mean the secure information it holds isn’t still available.

We stress to our clients and say elsewhere here on our website: You may be vulnerable to legal ramifications if you don’t dispose of your data and drive assets properly. If your sensitive data leaks, you’ll have to answer to the law and your customers.

As one might expect, the most important elements for organizations, the key drivers, are: process and documents, recycling and reuse and security at destination. We’re happy to report that Maxxum customers ranked our service particularly high in those three areas versus other companies.

To see more of the tech disposal research study survey results, contact us for a copy of our white paper.

4 Questions to Ask Your Technology Disposal Company

November 3, 2015

technology disposal company

When you’re ready to dispose of your old technology assets, do so with the support and guidance of people whose job it is to stay on top of the ever-evolving regulatory and security requirements: a certified compliant and dependable technology disposal company.

4 Things You Need to Know About Your Technology Disposal Company

We’ve outlined a few questions to ask your technology disposal company:

1. Are they certified for data destruction and environmental compliance?

With so many stories about data breaches and information leaks dominating the news over the last few years, most organizations are a little spooked about how they’re disposing of their used technology assets.

You may be vulnerable to legal ramifications if you don’t dispose of your data and drive assets properly. If your sensitive data leaks, you’ll have to answer to the law and your customers. Financial penalties can be quite harsh, and a tarnished reputation can have long-term ramifications.

Environmental compliance laws have become far more strict over the last decade, and getting hit with environmental penalties is a bad “look” for any organization. Now more than ever, it’s important to vet a technology asset disposal company to ensure they have industry certifications for both security and environmental compliance.

2. Do they understand the resale market?

Your technology asset disposal company should know the resale market inside and out in order for your organization to get the best return on the equipment it’s retiring.

PCs, laptops, and servers that are less than three to four years old retain value, even if they’re no longer of use to your company. If you’re ready to dispose of your technology assets, why not recover that value? Remarketing your technology assets is an opportunity to recoup some of the initial investment or cover some or all of the disposal costs.

Your technology asset disposal company should understand price trends on the resale market and help your organization plan ahead and determine when your assets will turn from revenue generators to cost creators. They should help you plan to refresh your technology cycles to ensure that you get the optimum value on your old equipment.

3. How do they document data destruction and disposal?

Find out from any potential provider how they document their full process. There are too many factors along the way during the disposal process that could find your organization liable for mistakes made by your provider.

Disposing of data can have security, financial, and software asset management implications. Proper documentation can shield your company from financial and legal penalties. You should be provided with a Certificate of Data Destruction and a detailed inventory report, as well as a report to show the environmental impact that your responsible recycling is having.

4. Can they serve all of your locations?

Technology asset disposal can be a pretty complicated matter. From drive sanitization to environmental compliance, there are numerous reasons to rely on a proven and trusted technology disposal company.

Don’t forget to ask about logistics. Your vendor has to have experience that allows them to serve all of your sites and the logistical capability to properly handle all of your assets.

If you have multiple locations, make sure you hire a disposal company that can handle your work load and that understands the different regulations that might be in play in each of your locations.

 

Laptop Stolen from Hospital

June 1, 2014

LucilePackardChildrensHospitalLogo

The incident was reported to the hospital by an employee on May 8, 2013. A password-protected, non-functional laptop containing limited medical information on pediatric patients was stolen from a secured, badge-access controlled area of the hospital. Immediately following discovery of the theft, Packard Children’s launched an aggressive and ongoing investigation with security and law enforcement.

To date, there is no evidence that any pediatric patient data has been accessed by an unauthorized person or otherwise compromised.

The computer was outdated and damaged, thus on a schedule for collection by information technologists. Despite a law enforcement investigation, in collaboration with the Stanford Department of Public Safety and Hospital Security, the laptop has not been recovered yet.

The information that could potentially have been on the stolen computer relates to some operating room schedules over a three-year period beginning in 2009. Although Packard Children’s is not certain which operating schedules would have been on the computer, out of an abundance of caution, 12,900 potentially affected patients are being notified by mail, though there is no indication any patient information has been accessed or compromised.

The information did not include financial or credit card information, nor did it contain Social Security numbers, insurance numbers or any other marketable information. The information on the operating room schedule that potentially could have transferred to the computer would have been patient name, age, medical record number, telephone number, scheduled surgical procedure, and names of physicians involved in the procedure.

The hospital is offering a year of identity theft protection at no cost to potentially-affected families that wish to have it, and is establishing a call center to answer questions from families. The toll-free number is (855) 683-1168, and is available Monday through Saturday from 6 a.m. to 6 p.m. PST.

Lucile Packard Children’s Hospital strives to be an industry leader in the area of medical information security. As a result of this incident, we are taking additional steps to further strengthen our policies and controls surrounding the protection of patient data to reduce the chance that an incident of this type will happen again.