To Order, Call Sales (888) 236-9501
 
 

Technology Articles

The Hard and the Soft of Deleting Data for Good, Part II

Dispose of Hardware with Care

By: Robert H. Spencer, PhD
Intuit ProConnection Really Simple
You can bring these articles to your desktop as soon as they are published.


Already a ProConnection subscriber?
Update your profile and personalize your ProConnection experience.
Update your profile

Not a subscriber yet?
Sign up now for free and start receiving customized newsletters directly to your inbox.
Sign up now

Bob Spencer In the first part of this article, we identified the best practices for dealing with data files containing sensitive data before hardware is disposed of.

Now we will be turning our attention to the hardware side of the issue.



The Hardware Side of Deleting Data

In our article on disposing of sensitive data we discussed the potential dangers of discarding a computer system without making sure that all data remnants had been destroyed. As a consultant, I recommend to my clients that they dispose of the computer and the hard drives separately by removing the drive and physically destroying it.

Too many clients dump or store old technology not realizing the data security hazard or the ecological one. The EPA study's recent data shows that measured by weight, only 11% of electronic devices are being recycled in the sense of a recycler dismantling or refurbishing the equipment for extended use. Forty-five percent is disposed in landfills or by incineration, creating a potentially heavy ecological threat. The remaining 44% is stored or is sold informally or donated to a charity for reuse. 4

The sheer volume of PCs that are discarded improperly, or are stored and forgotten for later dispoal, is seen as a ecological time bomb. Several states are so concerned that specific legislation has been passed to regulate the destruction of computer and components. 5

Don't Trash - Recycle

Although some of your colleagues or clients may look on data deletion as a hassle, you can see it as a business opportunity. As a consultant, you can work with interested clients and advise them best practices in how to destroy and discard old equipment. You might even make a few dollars doing it.

Companies Gearing up to Help. Several environmentally conscious companies, such as IBM, HP and Dell are helping the computer industry by taking trade-ins or offering buybacks. Some computer resellers are willing to pick up discarded equipment when installing new and properly recycling these. As you know, these types of services have been the norm for decades in other industries such as appliances and automobiles. In some cases these services are only offered to larger businesses, but consultants can offer these services to several smaller clients and take advantage of creating volume this way.

Finding the Right Partner

IBM in particular offers several excellent suggestions to help you determine if you have the right partner to recycle equipment and protect yourself. To be sure you are getting what you need from your partner, use the following questions:

  1. Does the program pay cash, or simply offer credit toward new purchases?
  2. Are there minimum quantity requirements?
  3. Is the cost of disposal balanced against the ever-changing market value of the equipment, which may mean that the sooner you upgrade the more value you recover?
  4. Does the program offer security services to prevent data from getting into the wrong hands?
  5. Does equipment destruction meet regulatory standards, and is documentation available to verify compliance?
  6. How quickly will you receive your money?
  7. How easy and convenient is the process?
  8. Does the program accept assets without market value?
  9. Who is responsible for packaging and transportation? 6

Rather than wait until computers and peripherals become utterly worthless, help your small business clients to create a plan in advance to recycle these devices. If there is a plan in place, they are more likely to act responsibly and make better business decisions. If they seem hesitant, check your state's regulatory guidelines, you may be helping the company avoid costly fines and fees. And when regulatory compliance turns into unexpected windfalls for future hardware purchases, learning to let go can become a pretty attractive proposition.

Legal Requirements and the Long Arm of the Law

Recent legislation at the municipal, state and provincial levels in the United States and Canada is now addressing issues related to data privacy and untreated computer waste. In many parts of North America, recycling computers is no longer a just a good idea, it's the law. Failure to properly dispose of sensitive information could result in fines and possibly legal action, not to mention being very embarrassing to you if your firm appears in the morning paper. On the federal level, bills such as the U.S. National Computer Recycling Act would require recycling and safe disposal of all old computer equipment nationwide.

While these new regulations are a boon to the environment and privacy, they may pose serious compliance problems for small businesses that are already stretched thin in their efforts to understand and abide by laws covering workplace safety, privacy, taxes, zoning requirements and long-standing environmental codes.

Avoiding Disposal Charges

Check to see if your clients have retained their purchase receipts. More recently, computer sales in many states include a computer disposal fee built as a required payment at time of purchase. Presenting that receipt at a recycling center can help you avoid charges.

The Final Decision

In the end, the decision is yours in how you deal with your own computer technology and how you decide to counsel clients. Several states currently require you to report to customers or clients if you believe any sensitive information has been leaked or stolen from your organization, and may hold you responsible if the leak can be traced back to you.
BONUS for Our Readers: Pro Forma Security Policy

Editor's Note: Dr. Bob is graciously allowing us to include links to his Digital Inke page, that includes a pro forma security policy and more.

Library of White Papers

Use the link above to access
  • Sample Records Retention
  • Sample Acceptable Use Policy
  • Sample Security Plan
  • Sample Business Contingency Plan
  • Association of Certified Fraud Examiners Report

Parting Thoughts

  • Recycle Centers. In many areas of the country, you can now take obsolete IT equipment down to the local recycling center, along with old newspapers and magazines. However, some consultants take precautions before they let go of obsolete equipment as suggested following.
  • No Guarantees. Remember that recycling centers do not typically guarantee data security with paper documents, let alone computers and peripherals.
  • Encryption. For further protection, even when they believe they have truly removed sensitive data files, some consultants will encrypt the entire disk drive before letting go of the machine. Some of the best disk encryption utilities may be found at www.pgp.com and there are other sources of data encryption software and hardware.
  • Hammer and Tongs. Some consultants take a brute force approach, opening the case and physically destroying memory components.
  • No Dump and Run. It is illegal in most localities to simply throw technology in the trash. Such laws exist because of the potentially harmful components in most computer systems and other technology hardware. These hazards include poisonous heavy metals, such as lead, mercury, cadmium and beryllium.

Notes

  1. EPA Fact Sheet, [PDF] November 2007, Figure 6 (11).
  2. For more on the ecological challenges of dealing with such waste, see blogger Thomas M. Abercombie, "eWaste and 100% Recycle," March 29, 2008. Abercombie discusses other studies and industry efforts, and his blog will likely remain current after this article is published.
  3. IBM, "In Focus," 2006. Article is © Copyright IBM Corporation 1994, 2008. All rights reserved.

Dr. Bob Spencer is an internationally recognized writer, lecturer and consultant. You may e-mail him drbob@tsif.com, or visit him at Twenty Seconds In the Future.

Last Updated: 04/02/2008


 
 
© 2009 Intuit Inc. All rights reserved. Intuit, the Intuit logo, QuickBooks, ProSeries and Lacerte, among others, are registered trademarks and/or registered service marks of Intuit Inc. or one of its subsidiaries. Other parties' marks are the property of their respective owners. Terms, conditions, features, pricing, support and service are subject to change at anytime without notice.
 
Accounting Solutions
QuickBooks Products for Accountants
QuickBooks ProAdvisor Program
QuickBooks Premier Accountant Edition
Intuit Statement Writer
Intuit Payroll Solutions
QuickBooks Solutions for Your Clients
 
ProSeries Tax Solutions
Professional Tax Software
Professional Tax Resources
Tax Document Management
E-File Resources
More Tax Practice Management Tools
Lacerte Tax Solutions
Professional Tax Preparation Software
Professional Tax Software Resources
Tax Document Management
Tax Analysis Software
More Tax Practice Management Tools
 
More Products & Solutions
Tax & Accounting Solutions for Your
Whole Firm
Intuit ProConnection Newsletter for Accounting & Tax Professionals
Intuit Product Discounts
Accept Credit Cards, Checks & More
Intuit Product Resources for Educators
Tax Professionals Wiki
More Tax & Accounting Productivity Products
More Tax & Accounting Services
 
Training Resources
QuickBooks Certification
Tax & Accounting Software Training
QuickBooks Accounting Software Training
Lacerte Tax Software Training
ProSeries Professional Tax Software Training
Additional Resources
Community
Support