Resource Recycling
  • The Latest
  • Analysis
    • All
    • Certification Scorecard
    • Industry Announcements
    • Opinion
    From claims to custody: PCR procurement grows up

    From claims to custody: PCR procurement grows up

    What the NAND flash crunch means for remarketing, refurbishment and residual values

    Telamon acquires ITAD consultancy Retire-IT

    Certification Scorecard — Week of July 6, 2026

    Tech giant pens detailed ‘plastic-free packaging’ guide

    What Google’s latest report means for ITAD

    Unpacking the Starbucks cup data

    Unpacking the Starbucks cup data

    Amazon cutting out more flexible packaging

    Amazon’s AWS hardware reuse is measured

  • Conferences
    • Resource Recycling Conference
    • Plastics Recycling Conference
    • E-Scrap: The Longevity Conference
    • Textiles Recovery Summit
  • Publications
    • E-Scrap News
    • Plastics Recycling Update
    • Policy Now
    • Resource Recycling
    • Other Topics
      • All Topics
      • Brand Owners
      • Critical Minerals
      • Glass
      • Grant Watch / RFPs
      • Markets
      • Organics
      • Packaging
      • Research
      • Technology
      • Textiles
Subscribe
No Result
View All Result
Resource Recycling
  • The Latest
  • Analysis
    • All
    • Certification Scorecard
    • Industry Announcements
    • Opinion
    From claims to custody: PCR procurement grows up

    From claims to custody: PCR procurement grows up

    What the NAND flash crunch means for remarketing, refurbishment and residual values

    Telamon acquires ITAD consultancy Retire-IT

    Certification Scorecard — Week of July 6, 2026

    Tech giant pens detailed ‘plastic-free packaging’ guide

    What Google’s latest report means for ITAD

    Unpacking the Starbucks cup data

    Unpacking the Starbucks cup data

    Amazon cutting out more flexible packaging

    Amazon’s AWS hardware reuse is measured

  • Conferences
    • Resource Recycling Conference
    • Plastics Recycling Conference
    • E-Scrap: The Longevity Conference
    • Textiles Recovery Summit
  • Publications
    • E-Scrap News
    • Plastics Recycling Update
    • Policy Now
    • Resource Recycling
    • Other Topics
      • All Topics
      • Brand Owners
      • Critical Minerals
      • Glass
      • Grant Watch / RFPs
      • Markets
      • Organics
      • Packaging
      • Research
      • Technology
      • Textiles
Subscribe
No Result
View All Result
Resource Recycling
No Result
View All Result
Home E-Scrap

What new data protection laws mean for e-scrap processors

byJared Paben
September 12, 2019
in E-Scrap
What new data protection laws mean for e-scrap processors

New data protection laws in California and New York are part of a national trend that will fundamentally change the way businesses handle personal information, according to a NAID leader.

“The sea change is that however these things end up, they are putting the data subject – or the data owner, the individual – in charge of their information,” Bob Johnson, CEO of the National Association for Information Destruction (NAID), said in an interview. “At its core, that’s a difference for businesses and for service providers and it’s going to mean big changes over time.”

New York Gov. Andrew Cuomo on July 25 signed into law Senate Bill S5575B, called the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. Both the SHIELD Act and an earlier California bill require businesses to put added scrutiny on their recycling vendors. The new legal requirements could also help compliant e-scrap recycling vendors land more clients.

“Change and opportunity always go together,” Johnson said.

New York’s new law

The SHIELD Act requires businesses to have and maintain reasonable safeguards to protect the security, confidentiality and integrity of private information, “including, but not limited to, disposal of data.” It requires businesses to implement reasonable administrative, technical and physical safeguards on data, including taking steps to ensure data is secure when it’s being transported to and handled by data destruction vendors. If the business is a type already covered by specific other data protection laws, such as Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, it’s considered in compliance with the SHIELD Act requirements.Importantly, the SHIELD Act applies to all companies that hold the private information of a New York State resident, not just organizations that do business in the state. The National Law Review provides more information on the law, which takes effect March 21, 2020.

Nationwide processor ERI issued a press release on the SHIELD Act on Aug. 27 pointing to a nationwide trend and emphasizing the importance of data protection during recycling.

“Corporations are being scrutinized more than ever before for their management of digital data,” John Shegerian, ERI’s co-founder and executive chairman, stated in the release. “With the increases in liability, there is a huge storm of problems on the horizon for corporations if data is not sufficiently protected from hackers and cybercriminals as well. We can and should anticipate similar regulatory trends to become established nationwide in the very near future.”
Learn more in person
Bob Johnson, CEO of the National Association for Information Destruction (NAID), will take the stage twice at this year’s E-Scrap Conference and Trade Show, held Sept. 23-25 in Orlando, Fla. He will speak during a Tuesday session titled “The Latest on e-Stewards” and will moderate a Wednesday session titled “ITAD Deep Dive: Data Security.” Go to the conference website to learn more and register.

‘New era in privacy and data security’

New York’s law came one year after Jerry Brown, who was governor of California at the time, signed into law Assembly Bill 375, the California Consumer Privacy Act (CCPA). Both laws are the U.S. dominos falling after the European Union’s General Data Protection Regulation (GDPR) went into effect in 2018, Johnson said. New Jersey and a number of other states are now considering similar legislation. NAID on Wednesday, Sept. 11, published a blog post recapping Johnson’s impressions from a recent meeting in New Jersey.

Johnson wrote about GDPR and similar U.S. laws in a spring 2019 article in E-Scrap News magazine.

In California, CCPA gives consumers new rights with respect to the collection and use of their personal information. Johnson said CCPA applies to ITAD companies, as well as their enterprise clients. CCPA currently allows any individual to request from the covered business – a bank, for instance – the name, as well as the written policies and procedures and qualifications of their data destruction vendors.

CCPA requires those businesses and their service providers to protect consumer’s personal information from unauthorized access, theft or disclosure. Johnson said “unauthorized access” includes loss of data-bearing devices. For example, if an ITAD company driver signs a manifest stating he or she will pick up 100 used hard drives from a customer, but only 99 hard drives arrive at the recycling facility, then that would be considered a data breach incident. Under the current iteration of CCPA, each affected individual could then go to court to seek compensation from the company of up to $750 per incident.

Johnson cautioned that a number of amendments to CCPA are already being considered, so it’s unclear exactly what the law will look like when it goes into effect on Jan. 1, 2020.

“No matter what does result, it will certainly represent kind of a new era in privacy and data security,” he said.

That new era will provide business opportunities for compliant e-scrap processors and challenges for those that aren’t, he said.

“If they’re ready to embrace this emerging world and do these things, it’s going to be really good for them. They’re going to do great if they can speak the language intelligently and they got the right contracts, they have the right policies and procedures,” Johnson said. “The other side of the coin is, if they don’t, they’re still going to find the customer out there that doesn’t know any better or that’s not paying attention, but it will be increasingly more difficult for them to operate.”
 

Tags: Data SecurityIndustry Groups
TweetShare
Jared Paben

Jared Paben

Related Posts

APR adds PCR content verification to cert program

APR adds PCR content verification to cert program

byAntoinette Smith
July 9, 2026

The Association of Plastic Recyclers (APR) is expanding its PCR Certification Program to verify the percentage of PCR content in...

Unpacking the Starbucks cup data

Unpacking the Starbucks cup data

byAntoinette Smith
July 8, 2026

Upon close examination, data casting doubt on the coffee giant's recycling claims raises more questions than it answers.

SCS launches chem recycling standard

SCS launches chem recycling standard

byAntoinette Smith
July 1, 2026

SCS Global Services now provides third-party verification of responsible non-mechanical recycling processes, in line with a new global standard.

Groups call for end to e-scrap imports to Philippines

Groups call for end to e-scrap imports to Philippines

byPaul Lane
June 30, 2026

A task force claims hundreds of containers of material have illegally entered the country since last year.

Bipartisan reps introduce bill on recycling claims

Congressional hearing focuses on opening US mineral market

byPaul Lane
June 29, 2026

Stakeholders spoke on behalf of legislation that would bolster domestic mineral recovery efforts.

Bottlers open recycling center on Mexican isle

Bottlers open recycling center on Mexican isle

byAntoinette Smith
June 26, 2026

The transfer center will separate and process recyclables on Isla Holbox, a pristine island off the northern coast of the...

Load More
Next Post
E-scrap export ban introduced in Senate

E-scrap export ban introduced in Senate

More Posts

Two recycled-content bills gain approval in California

California agriculture seeks SB 54 repeal

July 7, 2026
Unpacking the Starbucks cup data

Unpacking the Starbucks cup data

July 8, 2026
Oregon’s Recycling Modernization Act faces injunction

Oregon’s EPR program posts first-year results

July 6, 2026
Tech giant pens detailed ‘plastic-free packaging’ guide

What Google’s latest report means for ITAD

July 8, 2026
In Our Opinion: Coalitions: The EPR Differentiator

Inside NAW’s constitutional case against packaging EPR

July 6, 2026
SB 54 draft rules generate debate on rates, review

California increases PET market payments

July 7, 2026
EPR fees are a market signal. Here’s what they’re telling you.

Building the infrastructure behind EPR

July 6, 2026
MP Materials breaks ground on rare earth magnet campus in North Texas

ERI confirms ITAD shift toward minerals

July 3, 2026
Auto Draft

Digital product passports offer gateway into secondary market

July 7, 2026
Canada EV battery reuse pilot to start

Canada EV battery reuse pilot to start

July 8, 2026
Load More

About & Publications

About Us

Staff

Archive

Magazine

Work With Us

Advertise
Jobs
Contact
Terms and Privacy

Newsletter

Get the latest recycling news and analysis delivered to your inbox every week. Stay ahead on industry trends, policy updates, and insights from programs, processors, and innovators.

Subscribe

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • The Latest
  • Analysis
  • Recycling
  • E-Scrap
  • Plastics
  • Policy Now
  • Conferences
    • E-Scrap Conference
    • Plastics Recycling Conference
    • Resource Recycling Conference
    • Textiles Recovery Summit
  • Magazine
  • About Us
  • Advertise
  • Archive
  • Jobs
  • Staff
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.