Compliance Resources
GLBA Safeguards Rule & IT Disposal
If your business is a "financial institution" in the FTC's broad sense — lenders, mortgage brokers, auto dealers, tax preparers, wealth managers, collection agencies — the GLBA Safeguards Rule governs how you protect customer information, and that includes how it leaves the building inside retired computers.
What the Safeguards Rule expects at disposal
The Safeguards Rule requires a written information security program, and the FTC's amended rule made disposal explicit: customer information is to be disposed of securely, and not held indefinitely by default — the rule pushes institutions to dispose of customer information they no longer have a business need to keep.
Retired IT is where those requirements get physical. The customer files, loan documents, and account records your program protects on live systems ride out the door on the same drives when hardware is retired.
What that means for retired financial-office IT
Advisor workstations, loan-processing machines, the office file server, backup drives in a drawer — all are in scope. So is equipment leaving via the messy paths: an office move, a branch closure, a departed employee's laptop that sat in a closet for two years.
The pattern that works: treat every disposal as a small, documented project. Inventory what is leaving, sanitize or destroy the media, and keep the certificate with your information-security program records so your next audit or examination has an answer ready.
How our process supports Safeguards-conscious disposal
We are not your compliance counsel, and no vendor can make you "GLBA compliant." What we provide is the disposal leg of your program, documented: media sanitized following NIST 800-88 guidelines, certificates of data sanitization, serialized manifests on request, and paid onsite shredding where your policy requires witnessed physical destruction.
Financial-services pickups across DFW are routine for us — quiet, scheduled around client hours, with paperwork your compliance file can absorb as-is.
This page is general information, not legal advice. Regulations change and their application depends on your situation — confirm your obligations with your counsel or compliance advisor. What we provide is documented disposal: sanitization following NIST 800-88 guidelines, certificates, and manifests that support the procedures your advisors design.
Common Questions
Does the Safeguards Rule apply to small firms?
The FTC's definition of financial institution is broad and captures many small businesses — tax preparers, mortgage and auto lenders, financial advisors. Some requirements scale with size, but secure disposal of customer information is baseline hygiene for all of them.
Is deleting files or reformatting a drive enough?
Deletion and quick formats leave recoverable data. The referenced practice is media sanitization along NIST 800-88 lines — overwriting, cryptographic erasure, or physical destruction depending on the media — with a record of what was done.
What should we do with old backup drives and tapes?
Treat them as the most sensitive items in the pile: they are dense, portable copies of exactly the information the rule protects. Include them in the pickup, flag them for sanitization or destruction, and keep the certificate.
Retiring Equipment With Data On It?
Free pickup for qualifying business IT equipment across DFW — with the sanitization certificates and manifests your records need.
Schedule a Documented Pickup