Data security and legal compliance within the Information Technology space were once reserved for industries that dealt with particularly confidential information – like hospitals, banks, and insurance companies.
But with a growing number of laws and regulations (as well as many regulating bodies), companies in every industry should invest the time to understand which laws and regulations apply to them and then build plans to ensure compliance. This is especially true when buying or selling refurbished IT equipment.
Failure to follow refurbished IT equipment laws can lead not only to financial consequences in the form of steep fines, but also to damage to your brand’s reputation with customers.
At most companies, executive leaders are responsible for adhering to legal and regulatory requirements. Many leaders opt to work with external vendors who have expertise in refurbished IT equipment laws and can help them sort through the complexity to ensure they’re compliant.
Data security and legal compliance for refurbished IT assets
Data security and related laws and regulations are expanding, and the list of industries that must comply with refurbished IT equipment laws is growing. Following is an overview of fundamental laws and regulations at the international, federal, and state level that IT leaders and their vendor partners should understand.
- The Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to customers and safeguard sensitive data.
- The Sarbanes-Oxley Act (SOX) is a law passed by Congress that supplements an existing act by the Securities and Exchange Commission. It helps protect investors from fraudulent reporting by corporations and includes strict recordkeeping requirements along with steep penalties for violating securities laws.
- The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires standards to protect sensitive patient health information from being disclosed without the patient’s consent. In particular, its Privacy Rule outlines the types of organizations that must comply.
- The Federal Trade Commission’s Fair and Accurate Credit Transactions Act (FACTA) amended the Fair Credit Reporting Act to improve the accuracy of consumers’ credit information.
- The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records and applies to all schools that receive funds from the U.S. Department of Education.
- The California Consumer Privacy Act gives consumers more control over what personal information companies can collect about them and applies to companies doing business in or with California.
- The General Data Protection Regulation is considered the strictest privacy and security law in the world. Passed by the European Union, it holds organizations worldwide (that do business in or with Europe) to high standards for data protection and privacy. Non-compliance results in steep fines.
This brief list alone highlights the complexity IT leaders face when buying or selling refurbished IT assets and ensuring compliance throughout the process. And the list will continue to grow and change over time.
Environmental and industry-standard considerations for refurbished IT assets
In addition to complying with data security laws and regulations, you also want to ensure you comply with all federal, state, and local regulations governing environmental risks.
There are now 25 states with laws regarding electronics recycling and disposal, and two federal regulations: the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA), commonly known as Superfund, and the Resource Conservation and Recovery Act (RCRA). Both of these govern hazardous waste and its disposal.
Finally, you want to ensure your IT asset vendor follows all industry standards related to refurbishment. For example, ask how they’re wiping your data-carrying IT assets clean and whether they’re using industry-standard software/processes to remove your data.
Also, confirm your vendor conducts an audit to check their processes against the standard and then provides you with a detailed report.
What’s your plan to manage refurbished IT equipment laws and regulations?
Most companies are now responsible for understanding one or more of the laws or regulations outlined here. As such, you must have a plan in place to manage refurbished IT equipment laws whether you’re buying or selling.
One way to accomplish that is to partner with a knowledgeable IT asset vendor who understands your industry. They should be willing to talk openly and transparently with you about refurbished IT equipment laws that may affect you and take measures to address your specific requirements.
At Summit 360, we recognize the risks you’re facing and have strict standards in place related to data security and the environment. We comply with all refurbished IT equipment laws and provide detailed audit and settlement reports so you can rest assured you’re compliant and avoid all scenarios that could harm your brand, customer reputation, or financial position.
Have questions? Contact us today.