Old computers: An IT department liability that's costing more
Resellers now want money to sanitize hard drives
Computerworld - Resellers of old computer equipment say they will no longer accept used equipment without charging for erasing hard drives to ensure they aren't held liable for exposing sensitive data.
Marc Sherman, chairman and CEO of WindsorTech Inc. in Highstown, N.J., a used IT equipment reseller, charges companies a flat $8.75 fee for performing a basic audit of used computer equipment and $10 to $30 for erasing disk arrays, depending on the disk's size.
"As the business developed over the years, we've gone into a world where data security is critical," he said. "The whole thing now is we're in a situation where we're reluctant to buy equipment unless we're fully indemnified. Otherwise, it puts us in a very dangerous situation.
"It's been an educational process for IT users. The information on a computer doesn't belong to the company. It belongs to the customer," he said.
Sherman said he believes his company is more trustworthy when it comes to ensuring data has been erased from drives before resale because his is the only publicly traded firm that resells used equipment and must answer to the U.S. Securities and Exchange Commission and the National Association of Securities Dealers.
Jill Vaske, vice president and co-founder of Redemtech Inc., a Columbus, Ohio-based recycler of PCs and other IT products, said that with the economy picking up, companies are just beginning to change out PCs and servers after holding on to them for longer than the normal three-year refresh cycle.
Redemtech manages end-of-life technology turnover for almost 100 Fortune 500 and Global 1,000 companies, making sure data isn't exposed when computers are reconditioned for continued use or given to charities.
"Our experience is [that] most resellers aren't minding the liability side of end-of-life equipment. They don't assume liability for reselling it," Vaske said.
Liability for any data exposed through the resale of technology equipment rests squarely on the company that created the data, according to Alan Burger, an attorney at the law firm of Burger, Trailor & Farmer in West Palm Beach, Fla. "You can't shift the risk by contract to a reseller," he said.
Burger sees a growing problem around data security and information privacy because of a number of laws that took effect over the past three years, including the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act, also known as the Financial Institution Privacy Protection Act of 2001.
"You're just getting into that computer changeover due to technology obsolescence now," he said. "You will have billboards on both sides of the highway saying, 'Was your health informationexposed? Call ABC attorneys.' "
Examples of the necessity of data protection abound. For instance, in January 2003 a disk drive with 176,000 insurance policies was stolen from Guelph, Ontario-based Co-operators Life Insurance Co.
In response to such events, California adopted a new law, SB 1386, which went into effect July 1, 2003. It requires any company that stores information about California residents to publicly divulge any breach of security affecting that data within 48 hours.
Said Sherman: "These regulations ... are really validating our business model."
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts