Is Your IT Asset Disposition Program Breaking the Law?

Privacy concept, red hot key on  keyboardWhen you own a business, you need to follow a host of regulations, whether they deal with providing benefits to workers, complying with safety rules or reporting income.

There are also regulations dealing with data security and IT disposition, two things you should consider before getting rid of your used IT assets.

Among the regulatory standards governing data security are:

  • HIPPA and HITECH – Otherwise known as the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act, these federal regulations govern health care data security and privacy.
  • FACTA – The Fair and Accurate Credit Transactions Act was designed to shield consumers from identity theft. One of the ways it does this is by establishing requirements for proper disposal of consumer information.
  • GLB – The Gramm-Leach-Bliley Act governs consumer privacy rules for banks insurance companies and other financial institutions.
  • PCI – The Payment Card Industry Data Security Standard requires information security compliance from organizations that process any kind of payment card.
  • SOX – Established in 2012, the Sarbanes-Oxley Act is a federal law that sets standards for public companies, their managers and their boards.

To avoid violating any of these regulations, it’s important to have a solid data destruction plan for your company, one that’s backed by auditable records.

Your plan should comply with the five regulations listed above, and you should make sure anyone in your organization involved in the IT asset disposition process understands its requirements.

When it comes time to find an organization to help dispose of your used IT assets, CWI can help.

We subject all of your equipment to the data erasure standard used by the Department of Defense.

This involves a three pass process over each type of media. When that’s complete, we store information about your media, along with the results of the DoD wipe, in our SQL Server database.

Any media that fails the process gets pulled and physically destroyed. We’ll give you a detailed report and a certificate of data destruction.

By working with CWI, you can be assured that your company is keeping its employee and customer data safe, and complying with the law.

Leave a Reply

Your email address will not be published. Required fields are marked *