In terms of legal compliance, there are a host of laws that affect computer recycling and data destruction. Many of these laws deeply impact our corporate clients. Some of these laws are concerned with larger issues, but have specific mandates or language that affect data protection and electronics recycling. Certain statutes carry significant penalties for non-compliance. In fact, the average cost for a corporate data breach is $5 million according to this article based on research by the Poneman Institute.
Many states have laws regulating how a company or organization in posession of data must dispose of personal information. Such laws protect data if the holder decides it no longer wants to maintain that data.
There are generally two types of data destruction laws: those that specifically enumerate how the data must be destroyed and those that mandate the use of a disposal system that meets a reasonableness standard. Some states include both types, though most choose only one. States that fall into the first category typically use some variation of the following regulation: “Businesses must take all reasonable steps to destroy records by shredding, erasing, or otherwise modifying the personal information to make it unreadable or undecipherable.” Note that the statute defines how the records must be destroyed and what the final outcome of the process must yield. States that have passed this type of law include:
- Arkansas
- California
- Georgia
- Indiana
- Kansas
- Massachusetts
- Michigan
- Montana
|
- Nevada
- New Jersey
- New York
- Oregon
- Rhode Island
- Texas
- Vermont
|
The second type of data destruction law provides that: “businesses shall maintain reasonable security procedures and practices appropriate to the nature of the information to protect from unauthorized access, destruction, use, modification, or disclosure.” States that adopted this form of a records destruction law are:
- Arkansas
- Colorado
- Illinois*
- Maryland
- Nevada
|
- North Carolina
- Oregon
- Utah
- Washington
|
If your business operates in one or more of the above states, you should ensure that you are properly destroying any unneeded data. Improper destruction of records could lead to liability, unnecessary expense, and wasted time. More and more states are adopting and enforcing these laws you do not want to be caught unaware.
* Applies only to state agencies.
|
