Technology Recycling Disposal Methodology Brings Businesses Into Compliance with Gramm-Leach-Bliley Act, HIPAA
Technology Recycling's Computer Disposal Services Provide Compliance with New Privacy Laws
DENVER, Colo., June 18, 2001 - Technology Recycling, the nation's largest computer hardware disposal and materials recycling firm, today announced that its methodology for disposal of obsolete computers provides the highest degree of certainty that companies are in compliance with new privacy laws, including the Gramm-Leach-Bliley Act (applies to privacy of financial records) and the Health Insurance Portability and Accountability Act (HIPAA), which applies to maintaining privacy of medical records. Deadlines for compliance with these laws include April 14, 2001 (HIPAA) and June 30, 2001 for the Gramm-Leach-Bliley Act. Of note, these privacy laws apply to any company holding financial or medical data on employees or customers, not just financial and medical businesses.
For businesses seeking to responsibly dispose of obsolete computers and comply with privacy regulations, Technology Recycling can certify destruction of data because the company destroys old computer hardware and re-processes glass, plastic and metals for re-use, rather than refurbishing and reselling systems and components (including hard drives and RAM/ROM chips).
For businesses seeking to responsibly dispose of obsolete computers and comply with privacy regulations, Technology Recycling can certify destruction of data for several reasons:
• Technology Recycling completely destroys old computer hardware and re-processes glass, plastic and metals for re-use, rather than refurbishing and reselling systems and components (including hard drives and RAM/ROM chips);
• Technology Recycling stores all systems in a heavily secured area before disposal; and
• Technology Recycling can prove a clear chain of custody before the systems are destroyed, thereby allowing for certification of data and hardware destruction.
"Proprietary data stored on obsolete computers is an area of privacy that most company officials don't consider when developing privacy and data security plans," noted Robert Knowles, Jr., founder, president and CEO of Technology Recycling. "Any company that is donating or refurbishing/reselling old computer hardware, instead of truly disposing of them, will be in violation of the new privacy laws."
Chief information officers often have not considered the privacy and security ramifications of how to dispose of obsolete systems, according to Thomas C. Hushen, president of the 5280 Group International, www.5280Group.com. Hushen, a former chief information officer for Ameritrade Holding Company and Southwest Securities, and technical director for Gateway and American Airlines, said, "Chief information officers absolutely need to consider security and privacy issues as they relate to handling of obsolete computer hardware, and include proper computer disposal in their overall plan. It's clear that a molten lump of metal that used to be a computer hard drive poses no risk, while a 'cleansed' hard drive, given today's forensic technology capabilities, holds no guarantee that the data is really gone. CIOs should budget assured disposal of obsolete systems into the total cost of ownership."
Cleansing Hard Drives of Old Systems More Difficult Than It Seems
Many companies are storing old systems that literally are not operational because the computers and software are so dated. If a machine is not operable, then it would have to be fixed before it could be manually wiped of data. If a computer is operable but very old (for example, Windows 3.1), then there are few software options for wiping data. Many company managers also are unaware that frequently accessed data (such as social security numbers, account numbers, names, addresses, phone numbers) are stored not only on the hard drive but on the RAM and ROM chips as well.
Data Security/Privacy/Espionage Are Dangers of Computer Disposal
Compliance with new privacy laws is a major new concern for company officials who want to minimize fines and prosecution. But corporate espionage is another danger that should be considered when disposing of obsolete computers.
"The potential for corporate espionage from old computers is huge," explained Ken Brandt, managing director of New York-based Tiger Testing, www.TigerTesting.com, a notable computer and Internet security testing firm. Brandt, who has provided expert testimony on security matters (including Gramm-Leach-Bliley) to Congress and financial regulators, said, "If a discarded computer falls into the hands of computer hackers, they would have all the time in the world to uncover confidential company data. Hackers would not have to be sophisticated, they could take their time, and none of their activities would be logged, tracked or monitored. The company being attacked would have no means of knowing. Conversely, it is physically impossible to hack data from molten metal and glass."
Of note, Brandt pointed out that the Gramm-Leach-Bliley Act and HIPAA affect much more than banks and medical practices. "There's a mistaken belief that these new privacy laws only affect financial and medical firms. Actually, these privacy laws cover the privacy of financial and health information. So even regular companies with 401K information and medical information on their employees must comply with these laws," he said.
A Brief Look at the Gramm-Leach-Bliley Act
Signed into law on Nov. 12, 1999 by President Clinton (Public Law 106-102), the Gramm-Leach-Bliley Act is designed to modernize antiquated financial services laws, implement customer protections and privacy policies, and more. In addition to repealing Depression-era barriers that separate banking, insurance and securities industries, the privacy provisions require companies to notify consumers of their privacy policies and provide "opt-out" provisions for consumers who do not want their personal information distributed beyond the company. Because this law will be enforced by many different entities, enforcement and penalties vary.
For more information, please access http://www.senate.gov/~banking/conf/grmleach.htm.
A Brief Look at the HIPAA
The use and disclosure of patient medical information originally was protected by a patchwork of state laws, leaving gaps in the protection of patients' privacy and confidentiality. Congress recognized the need for national patient record privacy standards in 1996 when it enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law encouraged electronic transactions to lower health care costs, but also required new safeguards to protect the security and confidentiality of that information. The final rule took effect on April 14, 2001. All medical records and other individually identifiable health information used or disclosed by a covered entity in any form, whether electronically, on paper, or orally, are covered by the final rule.
For more information, please access: http://aspe.os.dhhs.gov/admnsimp/.
"A recent study by an industry analyst firm indicated that only one third of businesses have formal privacy policies, and correspondingly, probably have little to no knowledge of the new privacy regulations," noted Technology Recycling President Robert Knowles. "Technology Recycling is working to educate these companies, and also provides an economical solution that helps companies both comply with privacy laws and be environmental good citizens."
About Technology Recycling
Founded in mid-1998, Technology Recycling helps businesses recycle/dispose of obsolete computer systems and other high-tech junk in an environmentally responsible manner, and according to EPA standards. The company is based in Denver, Colo., and provides technology recycling services in the lower 48 states of the United States. Since its founding, Technology Recycling has collected and disposed of approximately 100 tons of obsolete computer systems; developed national accounts with Fortune 500 companies; and achieved "preferred vendor" status in a dozen states.