Dumping data: e-waste--yet another headache for government and corporations.Everyone worries about the safety of information. The technology industry is robust with firewalls, encryption systems, and network security hardware. Corporations hire chief security officers, facility security officers, install cameras and metal detectors and have their facilities and the employees "cleared." But often times the security breaks down at a place so simple it is often overlooked: the end of the life cycle for computer and electronic equipment. After spending countless hours and dollars protecting information while the electronic equipment is in use, old computers are often unplugged, put in a storage room, sent to a warehouse, donated or even given away or sold with the data still intact. The equipment enters a twilight zone twilight zone - [IRC] Notionally, the area of cyberspace where IRC operators live. An op is said to have a "connection to the twilight zone". where no one is really sure what its status is, what information may be on it, who has had access to it and how it should be dealt with. The paper shredding industry gained a foothold years ago and most companies now have on-site shredder trucks that make weekly visits to their facility. But one cannot forget that the paper being shredded was generated by the PC that may be sitting in the hallway totally unattended and unsecured. PCs and laptops are not the only devices where data lies unprotected. Telecom equipment, servers, PDAs, cell phones, fax machines, copiers, scanners, tape drives, back up drives, flash drives, thumb drives, even ribbon from dot matrix printers A printer that uses hammers and a ribbon to form images out of dots. It is widely used to print multipart forms and address labels. Also known as a "serial dot matrix printer," the tractor and sprocket mechanism in these devices handles thicker media better than laser and inkjet printers. and typewriters--all these devices are capable of storing and releasing data. Equipment disposal often is not a high priority within a corporate structure. No one wants to be the responsible party and no one wants to add another line item to their yearly budget. Depending on the company, the person responsible may be the IT manager, the facility manager, property manager, procurement, security officer or any combination of those areas. It is estimated that the cost of ownership of a PC is three to four times the purchase price of the unit. This includes all of the support for installing, maintaining, securing and licensing the piece of equipment. The end-of-life costs also must be considered. There are currently no less than four regulations mandating protection of private information. While some of these regulations are geared toward specific businesses or industries, some deal with information that organizations of all shapes and sizes will collect and maintain. In a world of constantly heightened security, government contractors need to be particularly vigilant in the management of their computers and data. Approximately 70 percent to 80 percent of used electronic equipment is shipped overseas for "recycling." The recipients include Thailand, Nigeria, Indonesia, China, India and Pakistan. In October 2006 the environmental watchdog organization Basel Action Network (BAN) traveled to Nigeria to investigate how imported e-waste is managed in that country. In addition to an environmental catastrophe, there was clear evidence of U.S. electronics in large quantities being dumped on this poor nation. Equipment was found with asset tags from mortgage companies, hospitals, state and local governments, federal agencies and financial institutions. BAN recovered several dozen hard drives and found data on many of them. Many U.S. electronics recyclers are actually brokers or exporters, who collect truckloads of electronic equipment, transfer them into shipping containers and send them around the world for a tidy profit. Developing countries are interested in the electronic material primarily for the metal commodities they contain--steel, aluminum, copper and the bits of precious metals Precious Metals Valuable metals such as gold, iridium, palladium, platinum, and silver. Notes: Investing in precious metals can be done either by purchasing the physical asset, or by purchasing futures contracts for the particular metal. found in circuit boards. But data often goes along for the ride, as well as a myriad of toxic chemicals including lead, mercury, cadmium, and others. Exporters are paid well for collecting container loads of equipment and shipping them to the receiving countries, with little or no environmental or security scrutiny. As a result, water, air and soil in the villages where this "recycling" takes place has become a health and environmental nightmare. [ILLUSTRATION OMITTED] Recent studies indicate that these items manufactured in China may contain high levels of lead linked to the large amounts of electronics dumped in China. It is illegal in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. to throw computer equipment in the regular waste stream. The Resource Conservation and Recovery Act The Resource Conservation and Recovery Act (RCRA), enacted in 1976, is a Federal law of the United States contained in 42 U.S.C. §§6901-6992k. It is usually pronounced as "rick-rah" or "Wreck-rah. (RCRA RCRA Resource Conservation & Recovery Act of 1976 RCRA Resort and Commercial Recreation Association ) stipulates that businesses generating substantial amounts of electronics equipment must have a documented and compliant program in place or risk being fined for RCRA violations. The firm that creates the waste must also perform due diligence Research; analysis; your homework. This term has caught on in all industries, because it sounds so "wired." Who would want to do analysis or research when they can do due diligence. See wired. in selecting a service provider. If the recycler is not managing the equipment in a responsible manner, the company that hired him can still be on the hook Adj. 1. on the hook - caught in a difficult or dangerous situation; "there I was back on the hook" dangerous, unsafe - involving or causing danger or risk; liable to hurt or harm; "a dangerous criminal"; "a dangerous bridge"; "unemployment reached dangerous for damages. Fines can be substantial. For violation of privacy regulations, penalties can run from $1,000, up to $100,000. In addition, officers and directors can be held personally liable for civil penalties of up to $10,000. Environmental violations can results in Superfund liability, which results in large dollar figures and often plenty of bad press. When equipment leaves a facility, it is important to know exactly where that material goes and what the process is to de-manufacture it. It is not enough to simply select an electronics recycler based on its website and a couple of phone calls. An on-site audit should be performed and the "commodity crumb trail" fully investigated. Electronic equipment is generally made up of various metals, plastic and glass. A true electronics recycler will de-manufacture the equipment in-house, break the equipment down into commodity values such as steel, aluminum, copper, plastic, glass, circuit boards and batteries, for further processing. Many IT professionals are convinced that they have the problem under control because they take care of the data at company-owned facilities. But even the best IT professionals are susceptible to errors in managing data. Several years ago, a large, secure government complex was performing an IT cleanout and hired a reputable electronics recycler who was already under contract with the federal government. The government IT security staff in charge of the project was confident that the hard drives had all been removed on-site before the equipment was picked up in a commercial tractor-trailer and transported to a recycling facility two hours away. Their recycler was aware of the need to closely scrutinize the equipment. Once the recycler began work on the material, it was clear that something had gone terrible wrong in the system. Hundreds of hard drives were found intact in the computers. Phone calls were made and a federal investigation was launched. For any facility manufacturing products for the Defense Department, the stakes are even higher. Not only will computer equipment contain loads of design, research and materials information. Prototypes and other manufacturing material generated at the facility must also be protected and properly destroyed. Think satellite equipment, communications equipment, weapons systems. Certainly the United States cannot risk these items being shipped around the world for "recycling". Another regulation that not always is fully understood by defense contractors is ITAR (International Traffic in Arms Regulations) U.S. State Department regulations that govern the export of restricted technology to foreign states other than Canada. , the International Traffic in Arms Regulations “ITAR” redirects here. For the Russian news agency, see Information Telegraph Agency of Russia. International Traffic in Arms Regulations (ITAR) is a set of United States government regulations that control the export and import of defense-related articles Act. Export-controlled data or material cannot be released to foreign nationals or representatives of a foreign entity without first obtaining approval or license from the Department of State or the Department of Commerce, for items controlled by the Export Administration Regulations See EAR. (EAR). One objective of the ITAR and EAR is to prevent foreign citizens, industry, governments, or their representatives, from obtaining information that is contrary to the national security interests of the United States. The penalty for unlawful export of items or information controlled under the ITAR is up to two years imprisonment Imprisonment See also Isolation. Alcatraz Island former federal maximum security penitentiary, near San Francisco; “escapeproof.” [Am. Hist.: Flexner, 218] Altmark, the German prison ship in World War II. [Br. Hist. , or a fine of $100,000, or both. The penalty for unlawful export of items or information controlled under the EAR is a fine of up to $1 million or five times the value of the exports, whichever is greater; or for an individual, imprisonment of up to 10 years or a fine of up to $250,000 or both. Physical destruction of devices is another consideration. Drilling a hole in a hard drive, smashing it with a hammer or cutting it in half does not eliminate the data. The data is stored on the plates within the hard drive. As long as there are large pieces of plate left whole, there is data that can be recovered by determined sleuths. Shredding the equipment to small fragments is the best way to ensure complete, unrecoverable data elimination. A good shredding system will also be able to go well beyond shredding hard drives and can also destroy all types of electronic equipment and manufactured equipment as well. Other methods for data destruction exist, such as overwriting Overwriting An options strategy that involves the sale of call or put options on stocks that are believed to be overpriced or underpriced. The options are not expected to be exercised. Notes: Also referred to as overriding. hard drives or degaussing de·gauss tr.v. de·gaussed, de·gauss·ing, de·gauss·es 1. To neutralize the magnetic field of (a ship, for example). 2. To erase information from (a magnetic disk or other storage device). hard drives. However, these methods only provide a solution for a partial list of data containing devices, and they are not necessarily the most stringent when compared to total physical destruction. The Defense Department requires the equipment being removed from military bases be physically destroyed and ultimately shredded into small fragments--a process dubbed "demilitarization de·mil·i·ta·rize tr.v. de·mil·i·ta·rized, de·mil·i·ta·riz·ing, de·mil·i·ta·riz·es 1. To eliminate the military character of. 2. ." Contracting officers' technical representatives are employed to verify the complete destruction of military equipment. [ILLUSTRATION OMITTED] The United States has instituted extraordinary security regulations since 9/11. All entities handling Defense Department information, or any high risk information have to carefully review their equipment disposal practices to reveal any weakness in the system. Regulations to consider when disposing of electronic assets include the following: Fair and Accurate Credit Transactions Act Under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act or FACTA, Pub.L. 108-159) which was passed by the United States Congress on December 4 2003 as an amendment to the Fair Credit Reporting Act, consumers can request and obtain a free credit report The Fair and Accurate Credit Transaction Act (FACTA FACTA Fair and Accurate Credit Transactions Act of 2003 ) was designed to reduce the risk of consumer fraud and identity theft, and affects virtually every person and business in the United States. One provision is devoted solely to the proper disposal of consumer information. Irresponsible information disposal has been cited in numerous fraud cases. Identity thieves frequently collect a wealth of personal data by rooting through the trash--an activity commonly referred to as "dumpster diving dumpster diving - /dump'-ster di:'-ving/ 1. The practice of sifting refuse from an office or technical installation to extract confidential data, especially security-compromising information ("dumpster" is an Americanism for what is elsewhere called a "skip"). ." http:///www.ftc.gov/opa/2005/06/disposal.htm Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act, also known as the Gramm-Leach-Bliley Financial Services Modernization Act, Pub. L. No. 106-102, 113 Stat. 1338 (November 12, 1999), is an Act of the United States Congress which repealed the Glass-Steagall Act, opening up competition Specifically, this law requires protection against "unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer." http://www.ftc.gov/privacy/privacyinitiatives/glbact.html Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when As of April 14, 2003, the Health Insurance Portability and Accountability Act requires that entities handling personal healthcare information must protect such data in all of its forms. This includes not only paper files, but electronic media as well (hard drives, back up tapes). http://www.hhs.gov/ocr/hipaa/ Resource Conservation and Recovery Act The law covers electronic equipment that contains hazardous substances such as lead, mercury, chromium, cadmium and beryllium beryllium (bərĭl`ēəm) [from beryl ], metallic chemical element; symbol Be; at. no. 4; at. wt. 9.01218; m.p. about 1,278°C;; b.p. 2,970°C; (estimated); sp. gr. 1.85 at 20°C;; valence +2. . Because of the toxic characteristics, many computer components are considered hazardous waste Hazardous waste Any solid, liquid, or gaseous waste materials that, if improperly managed or disposed of, may pose substantial hazards to human health and the environment. Every industrial country in the world has had problems with managing hazardous wastes. . Each full size cathode ray tube See CRT. (hardware) cathode ray tube - (CRT) An electrical device for displaying images by exciting phosphor dots with a scanned electron beam. CRTs are found in computer VDUs and monitors, televisions and oscilloscopes. monitor contains about six pounds of lead in the glass. The new flat screens do not contain lead, but they do contain a little mercury. Under the Resource Conservation and Recovery Act, it is the responsibility of the person who creates the waste to characterize the waste (determine if it is hazardous) and to manage it appropriately. The generator may be subject to civil and criminal penalties if computers are sent to the landfill in regular trash. http://www.doi.gov/greening/waste/computer.html Sarbanes-Oxley Act See SOX. SOX relates to the computer recycling Most major Computer manufacturers offer some form of recycling, often as a free replacement service when purchasing a new PC. At the user's request they may mail in their old computer, or arrange for pickup from the manufacturer. industry in that it requires businesses, and specifically their top level officers, to be held accountable for corporate assets and controls. This applies not only to physical assets and property, but electronic data and record keeping as well. Accurate equipment inventories and data control for auditing purposes are key pieces of this legislation. http://www.sec.gov/spotlight/sarbanes-oxley.htm Family Educational Rights and Privacy Act The Family Educational Rights and Privacy Act of 1974 (FERPA or the Buckley Amendment) is a United States federal law codified at 20 U.S.C. 1232g, with implementing regulations in title 34, part 99 of the Code of Federal Regulations. The Family Educational Rights and Privacy Act (FERPA FERPA Family Educational Rights and Privacy Act (aka the Buckley Amendment) FERPA Fédération Européenne des Retraités et des Personnes Agées (French) ) (20 U.S.C. [section] 1232g; 34 CFR CFR See: Cost and Freight Part 99) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the Department of Education. http://www, ed.gov/policy/gen/guid/fpco/ferpa/index.html Lisa Collins
Lisa Collins is a former dean of Saybrook College at Yale University. External links
sales manager n → directeur commercial sales manager sale n → at Global Investment Recovery of Tampa, Fla. The company recycles electronics, extracts metals from circuit boards and demilitarizes equipment for the Defense Department. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion