Software suppliers are trying to make their software packages more ‘user-friendly’…  Their best approach so far has been to take all the old brochures and stamp the words ‘user-friendly’ on the cover.
-Bill Gates

Navigating the federal laws regarding data destruction can be a chore. Here is a short summary of federal data security laws, as they apply to data destruction.

The Fair Credit Reporting Act (1996) and it's revision, the Fair and Accurate Credit Transactions Act (2003)

This act's data destruction standards apply to both Credit Reporting Agencies (CRAs) and "furnishers to CRAs". CRAs include credit reporting agencies, check verifiers - anyone that provides consumer credit reporting to other companies. Furnishers include anyone that receives data from or provides data to CRAs (this is an awfully big category).

Like most of these federal acts, FCRA does not mandate a specific method of data destruction, just that electronic data be disposed of in such a way that it is "erased and unrecoverable" - in short, it's not enough to erase your electronic data, it must be destroyed thoroughly enough that it cannot be reconstructed.

The Health Information Portability and Accountability Act (1996)

Most of us have heard of this one - if you are in the medical field, it may be the bane of your existence. HIPAA is an omnibus medical data bill that applies to anyone that holds patient data; hospitals,

physician offices, insurance companies and others. The simple thing, from a data destruction point of view, is that it follows practically the same data destruction standard as the FCRA - the language is just slightly different. HIPAA's language states that the electronic data must be destroyed to the point that it "cannot be practicably read or reconstructed".

The Gramm-Leach-Bliley Financial Modernization Act (1999)

Remember how the FCRA covered consumer credit data? This one covers consumer financial data. Again, it applies to both holders of the data (banks, lenders, CPAs, auto dealers, collections agencies) and furnishers of/recievers of data from them. There is substantial overlap between FCRA and GLB in terms of who is covered per data destruction - it is entirely likely that a company covered by one is covered by the other. Again, the data destruction language is the same as that of the FCRA - "erased and unrecoverable" meets the standard.

While there are other federal data laws (for example, Sarbanes-Oxley that applies only to publicly held companies), these "big three" are the most commonly cited and apply to the most businesses. As always, make sure you are in compliance - not just to be protected from fines caused by violations, but to protect your customer and business data as well. Use a reputable recycler who verifies the destruction of your data.

Once your PCs have gone to your recycler, what happens next? Do you know where your material goes? Checking your recycler's downstream report is vital to protecting your company from liability. When you get a downstream report from your recycyler, do your due diligence. Check out the processors they use for commodities - it is your material that is going there, and it is often your liability if the facilities are not doing the right thing.

Processors outside the US should raise red flags. Domestic processors are almost always safer than foreign, because the EPA has strict regulations regarding e-scrap processing, and they do a very good job enforcing those rules. Many developing countries have lax or even non-existent environmental laws.

Additionally, China, Russia and Mexico now generate the bulk of the world's cases of identity theft - one of the primary sources of these stolen identities is American PCs dumped there illegally by phony "recyclers".

60 Minutes recently did a story (link) on the dangers of Chinese e-scrap processors. In

China, in the town of Guiyu, 7 out of 10 children have too much lead in their blood, and 6 in 10 pregnancies end in miscarriage in one of the most toxic environments on Earth. Toxic because it is the dumping ground for "recyclers" who are sending their material to China, where the valuable commodities are stripped out and the remaining hazardous material is dumped. Although EPA regulations now prohibit shipping e-scrap material to China, some operators still use "front" companies in Taiwan to ship the material there.

Closer to home, The two processing firms in Mexico that handle computer and television CRTs, Source-Loyalty Recycling Mexicana and Technologies Displays Mexicana, have recently been prohibited by both the Mexican government and the EPA from receiving shipments of monitors and televisions from the US. It turns out they were processing CRT glass with no authorization or certification to do so. (Story here)

So just a reminder - when you get that downstream report, check it out. And if something on there looks fishy, dig until you find an answer - it's not worth the trouble and liability you may get into if you don't.

Yes, I know, they make those cute little cans of compressed air and sell them at the office supply store, but please please please do not use them to clean out your PC.

The reason is simple; all the plastic in your PC is treated with Bromine to make it fire resistant, and most of the solder on your circuit boards is made of lead. Several studies have now confirmed that all of that dust sitting in your PC is probably contaminated with these elements (story here). So if you use that cute little can of air, you're going to blow dust contaminated with lead and polybrominated diphenyl ethers (PBDEs - see, it even sounds serious) all over the room and possibly - yep, I'll say it - right up your nose.

So how should you clean your PC? It's very simple. First, get yourself one of those cute little hand-sized vaccuum cleaners they have on the shelf next to the cans of air at the office supply store. Now, of course, turn your PC off and unplug it from the wall. Then, get a paper towel and wipe off all of the air intake grills from the

outside, to clean them and knock what dust you can back into the inside of the PC. Now open the side cover of your PC and we can get to work.

Your PC is, other than fans and drives, a solid-state machine that will continue to run no matter how dirty it gets, provided it has enough airflow to keep cool. So first, take your paper towel and wipe the fan blades clean. You should have a fan in the center over your CPU, and possibly a side or front/back fan. Your power supply (the big metal box the plug goes into) may have a fan, but don't touch it, because the power supply is a high-current object.

Now that you have wiped the fans clean, use your paper towel to knock any other dust off the circuit boards and into the bottom of the PC. Get your vaccuum out and suck up the dust from the bottom of the case. Close it back up and voila! your PC is clean - and you didn't just inhale something that human mouths cannot pronounce.

Merry Christmas!

Joyeux Noel!

Frohliche Weihnachten!

Natale Hilare et Annum Faustum!

Boze Narodzenie!

Prejeme Vam Vesele Vanoce a Stastny Novy Rok!