Security Risks of Discarding Old Computers
In an article for the current awareness service of the Law Society of Upper Canada, Dennis Maslo discusses what law firms should do to avoid environmental and information security risks when they decide to get rid of their old computers by sending them to a recycling firm.
As Maslo writes:
"Your computer systems contain a wealth of sensitive data — valuable client lists, private information regarding the personal and professional lives of your clients, and your firm's own proprietary information. Such information can be manipulated by a variety of competing interests to the disadvantage of your firm, and your clients, and so it must be carefully guarded – both when your hardware is in active use, and equally upon retirement."
(...)
"Many e-waste firms, regardless of how well they have grappled with the environmental impacts of their activities, have neither the necessary technical knowledge nor the required processes to adequately address essential matters of the Personal Information Protection and Electronic Documents Act (PIPEDA), client confidentiality, and privacy in general."
Maslo outlines a range or hierarchy of increasingly thorough "data destruction techniques" that the managers of electronic waste should know about, from demagnetizing to the physical shredding of disks.
Most of all, Maslo advises law firms to "diligently pre-screen your e-waste management company".
You don't want to add to pollution, but you also want to avoid having your confidential information, or rather your clientele's confidential information, finding its way into the hands of competitors or enemies or fraudsters, or on the front page of tomorrow's Globe and Mail.
Labels: information management, IT security, privacy
0 Comments:
Post a Comment
<< Home