CSG Law Alert: Quick Cash = Quick Breach
Many businesses and individuals dispose of aging equipment, laptops, desktops, servers and more by monetizing those items. Disposal may be by sale at auction or donation to charity. Some companies now lease equipment, and turn over such items at lease end. However, many businesses and individuals forget – or do not realize – that their equipment used to process data store the data. This could include such items as computers, fax machines, photocopiers, cellphones or other similar devices. When you return, sell or donate that equipment, you may be unwittingly causing a data breach.
NCIX, a recently failed Canadian company, did just that. The company, strapped for cash, sold off servers without first wiping the data. The devices in question stored data in plain text and contained decades of customer information, including names, addresses and payment information.
Whether you are returning leased equipment or selling or donating old items, and even if the data is encrypted, always have the data wiped from the device. For leased equipment, do not assume the leasing company will do this for you absent an express contractual undertaking to do so.