There’s an important lesson about device destruction that businesses can learn from a grocery story chain in New Jersey.
Remember back in November 2020? Businesses are struggling to swim against the tide of pandemic safety concerns, lockdowns, and guidance. One of the businesses not struggling as much is grocery stores, since nobody is dining out. And based on the lack of flour on the shelves… everyone is home, baking.
At the same time, New Jersey Attorney General, Gurbir S. Grewal announced that his office had just settled with grocery store giant ShopRite’s parent company, Wakefern Food Corp and two of its supermarket entities for $235,000.
According to the press release, the Attorney General said that in 2016, Wakefern violated HIPAA and the New Jersey Consumer Fraud Act by failing to properly dispose of electronic devices used to collect the signatures and purchase information of pharmacy customers in two separate locations.
It is alleged that when new devices were implemented, the old electronic devices were thrown out in dumpsters without wiping them. This may have exposed names, phone numbers, birthdates, driver’s licenses, prescription numbers, medication names, dates, insurance information, and customer zip codes. The data breach was announced in 2018, and affected customers of the pharmacies between 2007 and 2013.
In addition to the fine, Wakefern is now required to appoint a chief privacy officer, execute Business Associate Agreements with the entities that are operating its pharmacies, ensure that all ShopRite stores with pharmacies designate a HIPAA privacy officer and a HIPAA security officer, and provide online training for those officers on the HIPAA privacy and security rules. Wakefern has implemented new safety measures to ensure that this breach doesn’t happen again, but what can other businesses do?
The first step is to look for a certified electronics recycler. R2 (Responsible Recycling) is an international recycling industry standard for the environmentally proper disposal of electronic equipment. R2 certification is an audited process confirming that the recycling business has appropriate policies and procedures for the disposal of obsolete electronics. R2, ISO (Environmental, OSHA, Quality Control) and NAID AAA security certifications are considered the “gold” standard for regulatory “Vendor Due Diligence” requirements. Back Thru The Future is one of a small number of electronic recyclers in the US with these certifications as well as being a US EPA and NJ DEP licensed “Universal Waste Destination Facility” for the processing of electronics.
Back Thru The Future was the first and only company in NJ to be able to legally provide onsite hard drive shredding. We continue to be the only computer recycling company in NJ that can provide both NAID AAA secure data destruction certification and the regulatory required environmental compliance certification for the proper recycling of the shredded hard drive material.