"Maxxum doesn't just pick up and dispose of your computer equipment... We help you become compliant with laws and regulations that affect your industry."
Anita Janssen,
Founder & Principal,
Maxxum Inc.

Compliant programs must address environmental and data privacy regulations

There's a vast array of laws and regulations surrounding the safe and environmentally compliant disposition and recycling of IT assets (both digital data and hardware) to which organizations are held accountable. These include the following:
  • Environmental Protection Agency (EPA)/Resource Conservation and Recovery Act (RCRA)
  • EPA/Comprehensive Environmental Recovery, Compensation and Liability Act (CERCLA or Superfund)
  • European Union electronics recycling laws
  • Basel Convention Treaty
  • A multitude of local/state privacy and hazardous waste laws
Maxxum is an expert in the laws and regulations surrounding data destruction and computer asset disposition that have regulatory implications for your organization. We also closely follow the trends that could affect changes in local, state, and national laws and regulations. The following are highlights of regulatory statutes with implications that cut across industries:

Health Insurance Portability and Accountability Act (HIPAA) regulates health-related and patient information, including life insurance physical examination results. Medical providers, insurers, and medical technology entities are subject to compliance with this law. Requirements impacting end-of-life IT asset disposition include:
  • Patient information on hard drives must be removed
  • Removal processes must be documented and provable
  • Allows for fines up to $250,000 and 10 years in prison for each violation

Gramm-Leach-Bliley (GLB) establishes stringent consumer privacy obligations for banks, insurance companies, brokerages, and other financial services companies. Retailers and service companies that provide financing are subject to compliance with this regulatory initiative. Requirements impacting end-of-life IT asset disposition include:
  • Consumer information on hard drives must be removed
  • Auditable data security procedures must be implemented
  • Civil and criminal liabilities accrue from release of confidential data

Every organization has a responsibility...

...to their customers, clients, employees, management, students, partners, vendors, and/or shareholders. They have to protect all personal, financial, and other confidential data, as well as minimize all risks associated with data and environmental breaches of their networks. It's also vital to reduce costs and improve return-on-investment for all IT equipment.

Payment Card Industry Data Security Standard (PCI DSS) is a certification required by credit card companies for companies processing more than 20,000 transactions annually (or about 55 per day). The PCI DSS Standard has already been used as a basis for lawsuits if companies are found in non-compliance. Requirements impacting end-of-life IT asset disposition include:
  • State disposal standard for data
  • Physical security of electronic media containing cardholder data and destruction of media
  • Breach of compliance is the basis for lawsuits from both individual consumers and credit card companies

Fair Credit Reporting Act
Sarbanes Oxley
Family Education and Privacy Act (FERPA)
Children's Online Privacy Act

Maxxum Inc. | 1350 South Field Avenue | PO Box 489 | Rush City, MN 55069 | 651 674 2715 | info@maxxuminc.com