Federal Laws Pertaining to Computer and Electronics Recycling
There are five important federal laws you may need to be aware of and comply with, particularly with regard to safe disposal of hazardous waste and safeguarding customer information:
Resource Conservation and Recovery Act (RCRA)
The Resource Conservation and Recovery Act bans all open dumping of waste, encourages source reduction and recycling, and promotes the safe disposal of municipal waste, including the hazardous waste disposal of computers and electronics. To comply with RCRA and avoid serious violations and fines, for example, cathode ray tubes or any other piece of electronic equipment that contains hazardous materials must be managed as hazardous waste and must not end up in a landfill.
Visit the Environmental Protection Agency’s site for specific details on RCRA’s requirements.
Comprehensive Environmental Response Compensation and Liability Act (CERCLA)
The Comprehensive Environmental Response Compensation and Liability Act (better known as the Superfund law) states that the generator of a waste material containing hazardous substances is liable for proper disposal of that material throughout its life. This is true even if ownership of the material has changed hands. To comply with CERCLA, organizations should be aware that by selling or giving old electronic equipment to another party, they can be held liable for the full cost of cleanup, plus penalties, if the other party disposes of it improperly.
Visit EPA’s overview for more information on CERCLA.
Born from the financial scandals of 2001, the Sarbanes-Oxley Act mandates the security of companies’ financial systems and the IT infrastructure that supports those systems. Specifically, Section 404 holds that the confidentiality and security of information are crucial foundations of compliance. As such, identity and proprietary data theft is one of the greatest challenges facing small businesses as they work to comply with this legislation that protects consumer financial, credit and health information. SOX requires that electronic data be erased and irretrievable at the end of the useful life of the IT asset.
You can find links to all Commission rulemaking and reports issued under the Sarbanes-Oxley Act at: http://www.sec.gov/spotlight/sarbanes-oxley.htm.
For Healthcare Providers
The Health Insurance Portability and Accountability Act requires confidentiality and security of health data. Healthcare providers should comply with the recent HIPAA legislation to ensure end-of-life data security for information stored on computers and other electronic equipment.
For Financial Institutions
The Safeguards Rule under the GLB Act requires that financial institutions take proactive steps to ensure the security of customer information. The Federal Trade Commission defines “financial institution” for the purposes of GLB compliance as any organization that works with individuals’ money. These include banks, credit unions and brokerages as well as any organization that receives data from these institutions. These also include: