Your Old Office Equipment Could Pose a Real Danger to Your Business
We live in the midst of a revolutionary age where unprecedented amounts of information are at our fingertips every day and nearly everywhere. Network computing, the internet, mobile devices, and smartphones have ushered in great advances in productivity at a scale that was unfathomable just a couple of decades ago.
A simple flash drive today can store the data equivalent of 100 or more computers from the mid-1990s. The real benefit of these tools is that they make large amounts of information easily accessible. That same accessibility, however, can also pose a real risk to your organization that is sometimes overlooked.
A Treasure Trove of Data on Old Devices
Consider for a moment all of the information stored on that old laptop computer that was retired and is now sitting on a shelf somewhere in the office. It is widely believed that over half of critical corporate data resides on unprotected PC desktops and laptops. (Source: Computer Troubleshooters. 2012).
That may be an obvious risk. But what about the information that is stored on your office copier or fax machine? Did you know that today’s “document management systems” have hard drives just like that laptop that store the documents that you just copied or scanned?
Unfortunately, nobody explained that to Affinity Health Plan, Inc., a managed care plan, who discovered this the hard way. In August 2013, they announced a $1.2 million settlement with the US Department of Health & Human Services for an alleged violation of the Health Insurance Portability and Accountability Act (HIPAA). They had apparently failed to dispose of data contained on a hard drive within a copier.
That same copier and its hard drive were later resold to a third party who discovered that it held the personal health information of more than 344,000 individuals on it. Simple oversights like this can quickly add up to significant financial losses. Today’s penalties for HIPAA violations can range from $100 to $50,000 per violation. Similar penalties apply for violations of the Graham-Leach-Bliley Act of 1999 (GLBA).
The Danger of a Data Breach
Given the potential cost of a data breach and in light of the ever-changing technological landscape, businesses must be especially wary of the danger posed by their retired office equipment. In practice, this means maintaining physical control and inventory records of unused equipment. It also requires identifying and removing the data-bearing components of the equipment and destroying or sanitizing those components so that the information they contain cannot be released into the wrong hands.
In some cases this can be easily done by the company’s IT department. A competent electronics recycler or asset management partner can be very helpful when an additional layer of security is desired or there is not a local IT resource on site.
How E-Cycletron Industries Can Help
E-Cycletron Industries specializes in data security and its personnel are trained to discover and remove all types of data-bearing components – hard drives, flash drives, magnetic tape, and disk media from a wide variety of equipment. Once removed, the data is destroyed following guidance established by the National Institute of Standards and Technology.