Can you remember what happened to the IT manager responsible for the disposal of IT assets from the medical insurance company Affinity Health Plan? Alternatively, can you remember what happened to the IT manager responsible for the disposal of IT assets used by the Police Sex Crimes Division in Buffalo, N.Y.? If you cannot recall either story then allow me to jog your memory.
A few years ago an investigative journalist went around visiting IT asset recycling companies. He took with him a wallet stuffed with about $1200 and an IT data security expert. Within a few hours they had purchased 4 retired IT assets that had been used in everyday business activities.
Within a few minutes of getting this hardware home they discovered one IT asset was from the Buffalo, N.Y. Police Sex Crimes Division. It then took just 30 more minutes to start downloading tens of thousands of police documents. The results were shocking. From the sex crimes unit there were domestic violence complaints, a list of wanted sex offenders and even a list of targets of major drug raids.
The story does not end there. The journalist and his IT security consultant then went on to find a total of 300 pages of individual medical records gathered by Affinity Health Plan, a New York insurance company, on another retired IT asset. These records included everything from drug prescriptions to blood test results and cancer diagnosis’s.
These discoveries raise two questions. First, how could the IT managers responsible for this hardware during its working life have allowed this to happen? Second, how could the IT asset disposal company have sold this hardware with sensitive data still on it?
Could it be that buying old retired hardware is a modern alternative to the old hacker practice of dumpster-diving?
We’ve all heard the terms - AAA, R2:2013, e-Stewards, NAID, HIPAA or ISO 14001 being thrown around like confetti to show how security conscious IT asset management companies are. But can you really trust any of these badges? It is a serious question because if you are responsible for disposing of your company’s old IT assets and you make the wrong choice then you could be off to prison. Seems crazy doesn’t it, but the chain of responsibility ends with you. That is why you must always ask for your IT recycler to provide you with certification that proves they will correctly dispose of your IT assets.
NewTech Recycling Inc. offers fully itemized audits of the IT assets you want recycled or remarketed (resold) to ensure that you and your company are protected from prosecution. Newtech also offer data destruction services that provide the serial numbers of each hard drive destroyed. The one thing you can be assured of is Newtech’s integrity. Newtech prides itself on a professional, compliant and supportive turnkey IT asset recycling service.
For more information call: 732-564-3110 or visit: NewtechRecycling.com