Our Privacy & Policy
Introduction
We care about your privacy. Pure Leverage values the privacy of the information you provide us. The policies herein are subject to change. We encourage you to check back for updates from time to time. If you have additional questions about this privacy statement, we invite you to contact us.
We take your privacy seriously and want you to feel comfortable using this website. This Privacy Policy deals with personally identifiable information (referred to as “data” below) that may be collected by this site. This policy does not apply to other entities that are not owned or controlled by us, nor does it apply to persons who are not employees or agents of ours.
1. Collection of Data
You are not required to provide any information you do not want to. We do collect your first and last name and email address. In compliance with the GDPR, we collect information such as your IP address and cookie information. We use cookies in order to make interactions with this website easy and meaningful and to analyze our traffic.
2. Use of Data
Data may be used to customize and improve the user experience on this site. Efforts will be made to prevent your data from being made available to third parties unless (i) provided for otherwise in this Privacy Policy; (ii) your consent is obtained, such as when you choose to opt-in or opt-out for the sharing of data; (iii) a service provided on our site requires interaction with a third party, or is provided by a third party, such as an application service provider; (iv) pursuant to legal action or law enforcement; (v) it is found that your use of this site violates the site editor’s policy, terms of service, or other usage guidelines, or if it is deemed reasonably necessary by the site editor to protect the site editor’s legal rights and/or property; or (vi) this site is purchased by a third party, in which case that third party will be able to use the data in the same manner as set forth in this policy. If you choose to use links displayed on this website to visit other websites, you are advised to read the privacy policies published on those sites.
3. Cookies
Like many websites, this website sets and uses cookies to enhance your user experience to remember your personal settings, for instance. Advertisements may be displayed on this website and, if so, may set and access cookies on your computer; such cookies are subject to the Privacy Policy of the parties providing the advertisement. However, the parties providing the advertising do not have access to this site’s cookies. These parties usually use non-personally identifiable or anonymous codes to obtain information about your visits to this site.
4. Minors
The site editor might not allow persons aged thirteen or younger to become members of this site. For more information, please contact the site administrator.
5. Changes to this Privacy Policy
Changes may be made to this policy from time to time. You may not be notified of changes to this policy, so we recommend you check back frequently.
6. No Guarantees
While this Privacy Policy states standards for the maintenance of data, and while efforts will be made to meet the said standards, we are not in a position to guarantee compliance with these standards. There may be factors beyond our control that may result in the disclosure of data. Consequently, we offer no warranties or representations as regards maintenance or non-disclosure of data.
7. Contact Information
If you have any questions about this policy or this website, please feel free to contact the site administrator.
Q&A and Regulations
What is End-of-Life Data Destruction?
Physical destruction is the preferred option for data destruction on magnetic media that will not be used any longer, even if the device is faulty. There are two methods: crushing and shredding. The PL Crusher uses powerful force applied to the drive chassis to buckle and/or pierce it. The internal platters and read/write heads are damaged beyond reasonable recovery methods, making the drive inoperable. Shredders use large cutting heads that rip drives to shreds as they enter the cutting machine.
Typically, Crushers are used in lower volume applications of less than a few hundred per day. Shredders are larger automated machines that can be operated continuously over a long period of time, making them ideal for very high volume destruction.
For most magnetic media, a crusher used on its own is acceptable. However, for highly classified information, or for extreme security requirements, storage devices may be subject to a two-step approach by also degaussing or shredding in addition to crushing.
Pure Leverage Hard Drive Crusher Compliance
By crushing the case and bending the platters in hard drives, the PL Crusher operation fits the Regulations definition of Destruction…
Many Standards and Regulations refer to “destruction”. Crushing fits the description of destruction. Circuit boards are cracked and wires are broken, disks are bent. As you know, there is no way that a HD platter could ever be flattened to the point that heads could fly over the surface and read the data. In addition, the recording surface micro-flakes on the bends, and surface areas get scratched.
PLC has sold many crushers to health organizations under HIPAA regulations, banking organizations subject to GLBA, and organizations that are certified by National Association of Information Destruction (NAID). You do not need to wipe the drives first. They are destroyed and no data is recoverable by any conventional means. It is by practical means that any reasonable judgement would deem them destroyed and unrecoverable.
Regulation Notes
NIST: Abstract 800-88… Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. In addition, the bulletin refers to these definitions for acceptable destruction:
Bend: The use of a mechanical process to physically transform the storage media to alter its shape and make reading the media difficult or infeasible using state of the art laboratory techniques.
Destroy: A method of sanitation that renders target data recovery (using state-of-the-art laboratory techniques) infeasible and results in the subsequent inability to use the media for storage of data.
Disintegration: A physically Destructive method of sanitizing media; the act of separating into component parts.
Deduction: Crushing the circuit board and disk(s) fits the description of “destroy”. We sell our crushers to many government and health organizations which are subject to the strict guidelines of HIPAA.
HIPAA Disposal Requirements
The HIPAA Privacy Rule requires organizations to follow certain guidelines when disposing of computer hard drives containing ePHI (electronic Personal Health Information). In general, healthcare providers and covered entities must implement “reasonable” safeguards to the limit the exposure of ePHI all the way through destruction.
Electronic media that contains ePHI should be rendered “unusable and/or inaccessible”. One method is to “physically damage it [hard drive] beyond repair, making the data inaccessible”.
NSA: Meeting Recommendations
PLC has submitted our Crusher to be on the list of approved crushers on the NSA list. Though we fit the NSA requirements and definition for destruction, they have left us off the list for now only because we do not ship the crusher with a shroud. We understand they must be extra cautious on what is on their list, but we are happy we fit the requirements for destruction, and are pondering a shroud, though it is not needed. It is effective in device destruction.
The Gramm-Leach-Bliley (GLB) Act for Financial Institutions
Many financial institutions collect personal information from their customers, such as their names, addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Gramm-Leach-Bliley (GLB) Act requires financial institutions to ensure the security and confidentiality of this type of information.
As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) has issued the Safeguards Rule. This Rule requires financial institutions under FTC jurisdiction to secure customer records and information, and to train employees to take basic steps to maintain the security, confidentiality and integrity of customer information.
Here are some suggestions on how to maintain security throughout the life cycle of customer information that is, from data entry to data disposal: Shred or recycle customer information recorded on paper and store it in a secure area until a recycling service picks it up; Erase all data when disposing of computers, diskettes, magnetic tapes, hard drives or any other electronic media that contain customer information; effectively destroy the hardware; and promptly dispose of outdated customer information.
ARGUMENTS FOR DESTRUCTION (Expound on these points in your next Security meeting!)
You may have several reasons for keeping a stockpile of old hard drives and backup tapes. Maybe procrastination has gotten the better of you. Perhaps you think you may need to access that expired data someday or you’re concerned about outsourcing the destruction of your media. Whatever your concerns, fear is no replacement for the facts, so here are five good reasons you should destroy your old data media.
1.Data Security
Old hard drives are a security liability. A single device can store hundreds of thousands of confidential data files, and electronic data can be compromised even when it’s out-of-date or the device it’s stored on is inoperable.
Deleting digital files from a device doesn’t completely obliterate the data. With the right tools and software, identity thieves and criminals bent on business fraud can still extract information from a hard drive. Physical destruction of your devices is the best way to lower your company’s data breach exposure.
2. Legal Compliance
Data breach consequences include fines and even criminal prosecution for failing to protect consumer information. Each of the following laws require organizations to safeguard personal, health and financial records from unauthorized access:
HIPAA
GLB
FACTA
Destroying your hard drives helps keep your business compliant with these privacy regulations.
3. Cost Savings
In addition to fines and other costs associated with a data breach, don’t overlook the cost of storing old backup media. Every square inch counts when you’re paying a premium for office space. Hoarding outdated computers and storage media means there’s less room for revenue-generating activities.
Some organizations may consider wiping data from the hard drives with special software, but paying for the employees to do that work, and setting up equipment to do so is expensive. The costs of wiping a hard drive (employee time, equipment and software), is actually more than the value of a new replacement device.
Incorporate regular hard drive destruction and recycling into your data security plan to maximize profitability.
4. Client Trust
You work hard to gain the trust of your customers and wouldn’t want to throw it away by compromising their data. Having your old hard drives securely destroyed helps ensure total information privacy for your customers and your business.
5. Brand and Reputation Protection
Besides creating a whirlwind of legal and financial problems for your business, stolen data can permanently damage your corporate brand and reputation. Some businesses never fully recover from a corporate data breach because of the punishing costs and destruction of the brand.
Media destruction keeps your information safe so consumers continue buy products and services from a company they know and respect. Don’t let excuses get in the way of protecting your information. Destroying your old hard drives makes too much sense.