Proper IT asset disposition is imperative for your business. Without a secure chain of custody, millions of people’s sensitive data can be stolen and sold into the wrong hands. When data becomes compromised, it can lead to millions or even billions of dollars in lawsuits and the breach of human privacy. There are numerous companies that have experienced this ITAD nightmare, from giants like Coca-Cola to smaller entities like the Nutley Board of Education in New Jersey. No matter who it is, the reality is that ITAD horror stories are real, and so are their consequences when it comes to the integrity of the parties involved. In this article, I’ll be sharing some of these stories in hopes that your company will think twice about its ITAD solution and how you are protecting the sensitive data of your customers and employees.
The City of Columbus
Our first ITAD horror story takes place in Columbus, Ohio where The Columbus Dispatch reported that the City of Columbus may not have been properly disposing of its old computers. This improper disposal put the city at high risk for data-theft according to Gene Spafford, a professor from Purdue University. Doug Caruso, the author of the original article in the Dispatch, says that although the city does use a tech disposal company that offers a certificate of data destruction, it does not keep tabs on all of the equipment it disposes of. By not keeping detailed records of retired or disposed assets, the city is wide open to theft of this equipment since no one would know for sure whether or not the equipment was there to begin with.
The City of Columbus has a history of data breaches, with one occurring in 2007 when 1.3 million citizens had personal information put at risk when a data tape was stolen from an intern’s car. Surmounting carelessness in this city with its ITAD solutions could cause an even more serious scenario to arise, like the one involving the BlueCross BlueShield of Chattanooga.
BlueCross BlueShield of Chattanooga
In 2009, the BlueCross BlueShield of Chattanooga found itself facing penalties from the U.S. Department of Health & Human services. It was discovered that 57 hard drives were stolen from a storage closet within the company. These hard drives contained audio and video of customer service phone calls whose conversations divulged personal information from 1 million customers. The obvious issue here is that rather than implementing a proper ITAD solution for their retired assets, the company carelessly stuffed their retired assets in an unsecured closet where they were easily stolen. In the end, BlueCross BlueShield shelled out $1.5 million in penalty fees to the U.S. government and were forced to enact a 450-day corrective action plan for violating stringent HIPAA laws.
The Coca-Cola Company
Our next ITAD horror story occurred within a company known for having the highest security standards and safeguards. In January of 2014, the Coca-Cola company received news that 74,000 people had their personal data compromised when 55 company laptops were said to be stolen from the company over a period of 6 years. The data on these laptops included the social security numbers and driver’s license ID numbers of former and current employees, as well as contractors and vendors that worked with the company. This incident occurred mainly because of an acquisition of the North American business of Coca-Cola Enterprises, which was formally Coke’s largest U.S. bottler. Perhaps the situation could have been avoided if Coke ensured that the company it acquired was abiding by their level of data security even when it came to laptops that were retired assets.
Tricare and the United States Department of Defense
Our final ITAD horror story involves another healthcare company, Tricare, who found itself facing a multi-billion dollar lawsuit. In September of 2011 a transporter for the company had backup tapes stolen from their car that held social security numbers, addresses, and phone numbers of 4.9 million Tricare beneficiaries and 4 military families. The information came from patients in 10 states that were treated between 1992 and 2011. The class action lawsuit, which was filed against both Tricare and the U.S. Department of Defense, sought $1,000 in damages for each plaintiff. In total, this amounted to $4.9 billion in damages owed. Had there been better ITAD protocol, would they have faced these charges?
The moral of these stories is that one should always ensure their company has invested in a proper ITAD program that allows for time and effort to be spent taking extra precautions. It should integrate strategies for storing, selling, or recycling retired IT assets, and should incorporate a trustworthy IT asset disposition solutions company like IT Liquidators. Without a solid ITAD protocol, your company could be facing thousands, millions, or even billions of dollars worth of liabilities and damages.
Find out more about how to properly manage your IT assets on our website here.