Archive for April, 2015

In the News: Study Shows Recycled Computers Give Away Personal Information

A study commissioned in Australia by the National Association for Information Destruction (NAID), a non-profit, data protection watchdog agency, has found significant amounts of personal information left on recycled computers.

According to NAID CEO Bob Johnson ,” The study is rather simple. We randomly purchased 52 recycled computer hard drives from a range of publicly available sources, such as eBay. We then asked a highly reputable forensic investigator, Insight Intelligence Pty.Ltd, to determine whether confidential information was on those drives. The procedure used to find the information is intentionally very basic and did not require an unusually high degree of technical heroics. Had the data been properly erased, it could not have been found.”hard drive photo good

The result: private, sensitive information was found such as medical records, bank account holder’s personal information, confidential client correspondence and billing information – pointing to hard drives from businesses and medical facilities. Some of the hard drives pointed to being previously owned by individuals because they contained private images, videos and details of a highly personalized nature.

The study continued to note that where private information was found, there were some indications that someone had attempted to remove the information but failed to do so.

Mario Bekes, Insight Intelligence’s managing director warned that “businesses and individuals take a big risk by attempting to erase hard drives themselves. It is not a do-it-yourself project.” Bekes also encourages businesses and consumers to seek out a certified recycling company with technical expertise and who take data destruction seriously.

[Source: NAID-ANZ Secondhand Hard Drive Study]

INDUSTRY NEWS: Majority of e-waste collected in 2014 not recycled correctly

Waste Dive Brief:
By Nicole Wrona | April 21, 2015 Re-Printed from Waste Dive Website

According to a new report, The Global E-waste Monitor 2014: Quantities, Flows and Resources, the volume of electronic waste discarded around the globe reached 41.8 million tons in 2014. Less than one-sixth of that was considered to be reused or recycled properly.
The report, released by the United Nations University, concluded that almost 60% of e-waste generated worldwide was comprised of kitchen, bath, and laundry appliances.
Two countries, the U.S. and China, disposed of almost one-third of the world’s total volume of electronic waste last year.

Dive Insight:

Computers, cell phones, printers, and other technology made up 7% of the waste; small household appliances like microwaves and toasters accounted for 12.8 million tons of waste; screens made up 6.3 million tons of waste.

The 41.8 million tons of electronics tossed in 2014 had a potential value of $52 billion worth of reusable resources. The report estimates that electronic waste thrown out in 2014 had approximately 16,500 kilotons of iron, 1,900 kilotons of copper and 331 tons of gold, not to mention quantities of silver, aluminum, and palladium.

DON’T BE A 20/20 INVESTIGATION

The last thing you want is to have David Muir ringing your doorbell because an employee left a laptop at Starbucks. This is how data breaches can start, and you are left holding what’s left of your reputation in a paper bag.

Did you ever consider how much information is on your cell phone, IPad and laptop? Think about all the hardware in your office that also contains sensitive data. What happens to it all when you upgrade your hardware? Are PCs stuffed into closets or are they donated without giving thought to the information on the hard drives? If you are part of a corporation or government office, one discarded, geriatric computer could mean utter destruction of your reputation and revenue.

Fortunately for us, there are measures we can take to make sure your data is safe after electronics have worn out their use.

“R2/RIOS™ certification is solely for electronics recyclers to demonstrate to customers that electronics equipment is being recycled with the highest standards for environmental protection, worker health and safety, and data privacy, and facility security. R2/RIOS™ is a combination of the Responsible Recycling (R2) Practices and the Recycling Industry Operating Standard™ (RIOS™).

R2 was developed by a broad-based cooperative of electronics recycling stakeholders that included the U.S. Environmental Protection Agency (EPA), state governments, manufacturers, recyclers, trade groups and non-governmental organizations. RIOS™ is the sole program on the market that combines quality, environmental, health and safety requirements in a single management system.”*

The National Institute of Standards and Technology (NIST) has also developed guidelines for data destruction and e-Waste security to protect your name from being added to this list.

NIST 800-88 Hard Drive Destruction/NIST 800-88 Data Destruction Guidelines: This document assists organizations in implementing proper and applicable techniques and controls for hard drive data disposal. Even the Internal Revenue Service follows the guidance set forth by NIST. Along with NIST, The National Security Agency (NSA) and the Health Insurance Portability and Accountability Act (HIPAA) also uphold strict regulations.

Compliance requires more than simply shredding or erasing hard drives. Proper reporting is required under NIST 800-88. The following information is only a portion of the guidelines set forth by the National Institute of Standards and Technology.

Wiping: “Wiping” a hard drive refers to using specialized software to purge a drive of all accessible data. The upside to this method is that the device is still usable after the process because nothing has affected the hardware.

The downside is that wiping software cannot be guaranteed. The process is lengthy, tedious and open to human error.

Degaussing: Degaussing involves a process where a hard drive is exposed to a high powered magnetic field which changes the alignment of the magnetic domain where the data is stored, thus “erasing” the data.

When functioning properly, the process can be effective. However this process is lengthy and also affected by human error.

Shredding: Shredding is the safest and the most secure option for data destruction because the hard drive or device is physically shredded into tiny particles.

The benefits of shredding? The process is fast and final. You can choose to watch it happen either in person or by video so you can be assured that all your items have been properly disposed. Afterwards, you will get a certificate of destruction.

Although there are different options for handling your data destruction needs, shredding is the only fail-safe solution to guarantee that your sensitive information never ends up in the wrong hands.

*R2/RIOS

Eight Items you Didn’t Know you Could Recycle

Most people know by now that recycling helps save our Earth. With the number of landfills in the United States increasing, and the majority of waste in these landfills being electronics waste, there is so much more work that needs to be done in reducing waste and keeping the environment safe.electronic-waste-trashcan

What exactly is e-Waste?

What exactly is e-Waste and what can be recycled? The term “e-Waste” is an abbreviation of “electronic waste”. According to StEP (Solving the eWaste Problem), who is a United Nations partner organization, “E-Waste is a term used to cover items of all types of electrical and electronic equipment (EEE) and its parts that have been discarded by the owner as waste without the intention of re-use.”

End-of-life televisions, computers, copiers, laptops, monitors, medical/lab equipment, refrigerators and GPS devices are just a few examples of e-Waste that needs to be recycled rather than thrown away.

Where does all the e-Waste go?

Accelerating product innovations and replacement – especially in ICT (Information and Communication Technology) and office/medical/lab equipment – combined with the change from analog to digital technologies (ex. to flat-screen TVs and monitors) – are feeding the increase. Fueling this growth is the decrease in the cost of electronic items making them more affordable to consumers.

As more electronics are manufactured, and subsequently replace their out-of-date cousins, where do all the old ones go?

Some of us do try to re-use and recycle our old electronics. However many of us also have e-Waste that remains in basements, attics and storage rooms – out of sight, out of mind.

Although we are doing a better job of recycling paper and cardboard, more attention needs to be given to e-Waste and its proper disposal. Many have steered away from recycling certain products because they weren’t aware that these items can be re-used and recycled – or simply thought it was inconvenient and stashed them away for another day.

PCS of Massachusetts CEO Lisa DiPaolo Bacewicz amidst the current stream of electronics in the process of being recycled at her facility in Weymouth. Chris Bernstein photo

PCS of Massachusetts CEO Lisa DiPaolo Bacewicz amidst the current stream of electronics in the process of being recycled at her facility in Weymouth. Chris Bernstein photo

In addition to recycling computers, printers and such, the following list contains eleven items often thrown away in the past, but can be re-used and recycled today. These items are not allowed in door-side recycling bins. Call a certified electronics recycling company to help you properly dispose of the following items.

1) Batteries: The more batteries that end up in landfills, the more volatile the landfills become – bad for our Earth.

2) VHS and cassette tapes: Are you still holding onto leftover VHS and cassette tapes? These items can be recycled.

3) Ink jet and laser cartridges: Most people toss the empty cartridges in the trash which is a no no.

4) CDs, DVDs, Game Disks: These plastic orbs are stuffing our landfills. These can be efficiently shredded at a responsible recycling company.

5) Fluorescent Bulbs (CFLs): Energy efficient- yes – but there are hidden dangers sealed inside each little bulb, such as Mercury, where the contents of one light bulb contains enough mercury to contaminate 6,000 gallons of water.

6) Cell phones: Only 10% are re-used. In a recent announcement made by the International Telecommunications Union (ITU) at this year’s Mobile World Congress “There are more in-use cell phones than there are people on the planet right now.” Where will all the old phones go?

7) Cameras/Camcorders: As technology advances in camera technology, where are all the out-of-use cameras going? Recycle them instead of tossing into the trash/landfills!

8) Power Cords/Power Supplies: As the end-of-life electrics are rendered obsolete – so go their power supplies.

What can we do?

Contact a certified, responsible recycling company who will advise you as to how to properly dispose of your e-Waste. Help keep our environment safe!

Four Tips to Protect your Data

Data breaches from cyber attacks are all over the news today. Although these types of security breaches are becoming more common, and more devastating, to the organizations and people involved, there is another kind of breach that is just as alarming.

Often times, informal transportation or improper storage of end-of-life electronics are the culprit. In untrained hands, sensitive information can be leaked, stolen or lost on the way to recycling centers or can be forgotten in dusty storage areas.

Consumers and businesses alike should be aware that electronic waste that is not disposed of properly poses a threat to sensitive data left on the devices. Finding a responsible electronics recycler will eliminate the risk of data breaches and grant the much-needed peace of mind that companies and individuals need.

Implementing a positive plan to combat electronic waste data breaches is the only realistic way to ensure that sensitive information remains safeguarded for end-of-life electronics.

Here are four tips to protect the valuable data contained on devices within your home, organization or business:

1. Get the best third party data destruction provider available

Laws and regulations ban dumping e-Waste into landfills and require specific methods for collection and disposal based on government guidelines.

When electronics devices reach end-of-life or are no longer wanted, relying on disposal plans managed by employees and staff for data destruction and e-Waste disposal is not effective, and leaves companies open to liability for breaches.

Instead, rely on a responsible R2/RIOS certified company with secure measures in place to handle the proper recycling of e-Waste and secure destruction of the information on hard drives and other data devices.

2. Avoid long-term storage of end-of-life devices

Long-term storage can increase the risk of loss or theft, which leads to serious data breaches. In fact, many data breach cases are the result of computers left to sit in off-site storage facilities with little or no regulation or supervision of the information contained on hard drives and storage devices.

Rather than choosing to place end-of-life devices in storage, creating an electronic waste disposal plan is the better choice. The plan should ensure that storage time is minimal or completely eliminated, thereby decreasing the risk of theft, loss or inadvertent exposure of sensitive information.

3. Know the laws on data destruction

Here in the U.S., most states with electronic recycling laws also require vendors to follow government regulations to ensure that consumer information remains safe. It is important to be aware of which guidelines apply to your organization and to organize an electronic waste disposal plan around them.

4) The best tip of all is too choose a responsible, certified electronics recycler who provides secure data destruction. This is the most effective way to ensure proper management and secure destruction of sensitive information contained on the hard drives of electronic drives.

Recycle with data security at the forefront

We live in a world where company and personal information is a highly valued commodity. It is crucial that companies do everything they can to stop their sensitive information from falling into the wrong and most devastating hands.

Recent mega-breaches by the numbers*:

Target: 40 million – The number of credit and debit cards thieves stole from Target between Nov. 27 and Dec. 15, 2013

eBay: 145 million people affected

JP Morgan Chase & Co.: 76 million households and 7 million small businesses affected

CHS Community Health Systems: 4.5 million people affected

Michael’s Stores: 2.6 million people affected

Neiman Marcus: 1.1 million people affected

The result?

Mega breaches are mega expensive! The average cost of a data breach for a company is $188 per record. Based on an average 28,765 records per US breach, one study identified a total organization cost of $5,403,644 per data breach.*

A call for change!

According to eWeek, “An alarming number of widely publicized data breaches is sparking change in the attitudes of business leaders and consumers when it comes to cyber-security. Consumers and regulators alike are demanding more communication and remedies from businesses after data breaches occur. As a result, the topic is one of the highest priorities facing businesses and regulators in 2015.”

Although the spotlight has been on infiltration by a criminal hacker, breaches can happen as a result of a company’s negligence in handling its end-of-life electronics; computers, hard drives, cell phones and all other data-bearing devices.

It is a paradox that while electronic waste is entering the waste stream at an accelerated pace, there’s little to no information on what happens to e-waste in the end – and the chaos that can ensue if not handled properly and responsibly.

By carefully reviewing an organization’s electronics and data disposal process, companies can nip the problem in the bud.

How can we do our part in helping to thwart data breaches?

Make it a top priority to outsource the management of unwanted electronics equipment to those who are qualified and experienced in handling recycling and data security management.

Be sure to use a R2/RIOS Certified, responsible recyling/data destruction company. These are highly regulated companies who achieve the highest level of excellence. Look for other certifications and compliances as well – HIPAA, DoD, NIST, NAID, NSA. For more information, check out WWW.PCSMASS.com

* According to the 2014 Ponemon Institute Report

** In May 2013, the Ponemon Institute released its 2013 Cost of Data Breach Study: Global Analysis (“Ponemon Study”),