Rethink Risk for IT Asset Disposition

Mar 15, 2019

If you’re around long enough, you pick up a few tricks. For example, most people know that they can fight a minor speeding ticket in court by simply asking when the radar gun was last calibrated. This is a low-priority task that many police departments neglect, so there’s a good chance you can get a traffic violation dismissed without having to pay for the ticket.

It’s shady, to be sure, but it’s a bit of a legal loophole. Unfortunately, the law is riddled with such issues, and as a business owner, you need to take care to avoid them if you want to prevent damaging lawsuits. One such problem that many businesses are coming up against more and more frequently centers on IT asset disposition (ITAD), or lack thereof.

It’s not uncommon for business owners to minimize priority for ITAD procedures because equipment and devices are encrypted or the risk of data breach from these devices is perceived as minimal. This attitude, however, will not help you should a data breach occur and your company is found to be lax when it comes to ITAD processing. Here’s what you need to know.

The Legal Issue
The problem is this: businesses that accept confidential data from consumers have a legal obligation to keep it secure. This is dictated by federal, state, and even local privacy laws, in some cases, as well as industry standards like HIPAA and FACTA that pertain to medical and financial data, respectively.

Intent to destroy information doesn’t count. Nor does the fact that data is encrypted on equipment or devices. More and more companies that suffer data breaches are coming up against the legal argument that they ignored regulatory requirements in allowing devices containing data to linger on-site or in storage when they had plenty of opportunity to dispose of them.

Even if the breach didn’t originate with such devices, the legal argument is that companies that are negligent in one area are negligent in others. This can not only result in significant monetary penalties in class action lawsuits, but it can irreparably damage your reputation and impact your ability to continue doing business.

What You Can Do
The main thing you need to be able to do is defend your ITAD policies and procedures, to show beyond a shadow of a doubt that you’re going out of your way to comply with applicable privacy laws and keep sensitive data secure. The best way to do this is with clear policies, procedures that are strictly adhered to, and a record of compliance.

Partnering with a certified ITAD service provider is probably your best bet. A good service will provide your business with locking bins for on-site security, scan device barcodes or serial numbers on pickup, and securely transport devices to their facility for safe storage pending disposal.

They’ll also provide tracking capabilities through a 24/7 portal, and deliver Certificates of Destruction and Recycling following disposal, as proof for your records. With these steps and verifications in place, you’ll significantly reduce risks and gain the ability to defend ITAD processes in court.

Looking for a reliable ITAD partner in the Sioux Falls, SD area? Contact the qualified professionals at SEAM today at 605-274-7326 (SEAM) or online to learn more.

SEAM provides data destruction services including onsite shredding hard drive shredding and hard drive wiping to South Dakota, North Dakota, Minnesota, Iowa, and Nebraska.

View our service area, schedule a pickup or contact us for more information.