{"id":1344,"date":"2008-05-20T21:08:19","date_gmt":"2008-05-21T04:08:19","guid":{"rendered":"http:\/\/gillin.com\/blog\/?p=1344"},"modified":"2009-10-24T11:43:59","modified_gmt":"2009-10-24T18:43:59","slug":"old-pcs-pose-environmental-regulatory-threat","status":"publish","type":"post","link":"https:\/\/gillin.com\/blog\/2008\/05\/old-pcs-pose-environmental-regulatory-threat\/","title":{"rendered":"Old PCs Pose Environmental, Regulatory Threat"},"content":{"rendered":"<p><em>From Innovations, a website published by Ziff-Davis Enterprise from mid-2006 to mid-2009. Reprinted by permission.<\/em><\/p>\n<p>We all know how great it feels to have a new PC plunked down on our desktop or in our briefcase.\u00a0 But for IT organizations, that exhilaration is increasingly compounded by anxiety.\u00a0 What should they do about disposing of the computer that&#8217;s being replaced?<\/p>\n<p>This issue is gathering importance as the number of old computers grows.\u00a0 Gartner has forecast that consumers and businesses will replace more than 925 million PCs worldwide by 2010.\u00a0 And that&#8217;s just one category of computer.\u00a0 Gartner expects another 46 million servers to ship during the next five years, and about one billion mobile phones to be discarded yearly beginning in 2010.<\/p>\n<p>There are obvious ecological concerns that attend this problem, of course. Most personal computers contain chemicals that can poison water supplies and old CRT monitors have lead linings that should never make their way into a landfill.<\/p>\n<p>But the risks to businesses these days can hit even closer to home.\u00a0 Discarded computers can contain proprietary data that, if disclosed, can open a company to a host of legal and compliance problems. Among the regulations that provide severe financial penalties and even imprisonment for improper data protection are the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act and Sarbanes-Oxley Act.\u00a0 There are also a host of local regulations to consider, the result of Congress\u2019s decision many years ago to make environmental rules the domain of individual states<\/p>\n<p>Companies have gotten by for years on ad hoc approaches to computer disposal.\u00a0 Often, they sell old machines to employees, give them to charities or palm them off on trash hauling business that dispose of the equipment in places unknown. But regulators don&#8217;t buy the \u201cout of sight, out of mind\u201d philosophy. Most place the onus of insuring data protection on the original owner. That means that if a PC or cell phone containing protected information turns up in a landfill overseas somewhere, the firm that captured the data is on the hook for any legal obligations.<\/p>\n<p>A particular concern is the trash companies, who often piggyback their computer disposal services on top of their basic business of hauling away Dumpsters full of refuse. While many of these companies are no doubt legitimate, some tried to cut costs by piling IT equipment into containers and shipping them overseas.<\/p>\n<p>In some cases, this equipment is simply thrown into open holes in the ground, causing unknown public health concerns. Many Third  World companies also of the have subcultures of entrepreneurs who to disassemble equipment and sell the piece parts on the open market. In 2006, <a href=\"https:\/\/news.bbc.co.uk\/1\/hi\/programmes\/real_story\/4791167.stm\">The BBC bought 17 second-hand hard drives in Nigeria<\/a> for $25 each and recovered bank account numbers, passwords and other sensitive data from them. Under many regulations, the original buyers of that equipment could be liable for any security or privacy breaches that resulted.<\/p>\n<p>Nearly every business should have a plan for disposing of end-of-life computers.\u00a0 If storage equipment is to be repurposed, it needs to be thoroughly erased. The Department of Defense\u2019s <a href=\"https:\/\/en.wikipedia.org\/wiki\/DOD_5220.22-M\">5220.22-M erasure standard<\/a> insures that media is completely cleansed of recoverable data. A simpler approach is to take a hammer and smash the storage media into smithereens. Whatever tactic you use, you need to document the data destruction using the appropriate compliance forms.<\/p>\n<p>A new practice has also emerged called IT Asset Disposition (ITAD). ITAD vendors essentially outsource the disposal process and provide tracking, verification and even insurance against liability. Some firms can also remanufacture components and sell them, thereby reducing costs for their customers.\u00a0 Research firm International Data Corp. <a href=\"https:\/\/www-07.ibm.com\/au\/greensecure\/pdf\/IDC_071907_Top_Aseet_Disposal_Issues.pdf\">has published a good study on the market<\/a>. The site <a href=\"https:\/\/www.greenercomputing.com\/\">Greener Computing<\/a> also has helpful advice.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From Innovations, a website published by Ziff-Davis Enterprise from mid-2006 to mid-2009. Reprinted by permission. We all know how great it feels to have a new PC plunked down on our desktop or in our briefcase.\u00a0 But for IT organizations, &hellip; <a href=\"https:\/\/gillin.com\/blog\/2008\/05\/old-pcs-pose-environmental-regulatory-threat\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":""},"categories":[143],"tags":[198,197,165],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pTy95-lG","_links":{"self":[{"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/posts\/1344"}],"collection":[{"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/comments?post=1344"}],"version-history":[{"count":4,"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/posts\/1344\/revisions"}],"predecessor-version":[{"id":1698,"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/posts\/1344\/revisions\/1698"}],"wp:attachment":[{"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/media?parent=1344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/categories?post=1344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gillin.com\/blog\/wp-json\/wp\/v2\/tags?post=1344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}