GPSolo Magazine - December 2004
Tips for Ethically Retiring Your Old Computers
In a regular and predictable ritual, similar in level of irritation to the 17-year locusts but much more frequent, you need to replace your PCs, laptops, and network file servers. Not that they necessarily wear out, but they are simply no longer up to the task of running contemporary software. Sadly, using a three- or four-year-old desktop PC is a lot like driving a car with 800,000 miles on it—it just barely limps along.
So what happens to all those elderly PC systems once you’ve relegated them to the dustbin of techno-history in your firm or law department? What are your choices? Tossing them in the dumpster seems wasteful, and it is certainly not very environmentally conscious. Much of this equipment is considered hazardous to the environment and must be managed and disposed of in compliance with federal, state, and local laws and regulations. You could try to sell your old computers for a few cents on eBay, or maybe you could donate them to charity.
Any of these choices could cost you your law license.
Why? Because all those old computers are packed with confidential client information—information that you have an ethical duty to protect. Further, the computers undoubtedly have sensitive firm information, as well as software licensed to your firm or organization (for which you have specific obligations under the respective “end-user license agreements,” or EULAs). Giving away control and access to these computers—through the dumpster approach, the eBay sale, or the well-intended charitable donation—can lead to malpractice claims and ethical violations at worst, and, at best, serious embarrassment. And not to further ruin your day, but potentially there could even be violation claims as a result of HIPAA (for disclosing employee or client healthcare information) and Sarbanes-Oxley (for giving away corporate documents that you must maintain). So what should you do?
You Need a D.U.M.P.: A Disposal Un-Malpractice Plan
The key to a D.U.M.P. is ensuring, to the greatest extent reasonably practical, that you remove confidential client information, firm or organization information, and all licensed software that you do not intend to formally transfer. This means using a technical process that will remove this information in an effective manner, rendering the information as unrecoverable as you can reasonably accomplish. It may not be possible to delete information so that no one could ever recover it. Practically speaking, if someone wants to spend enough money and enough time, they could probably find a way to recover at least some of your data, no matter what you do. But the reality is that the standard to meet is one of reasonableness. What steps would a lawyer need to take to ensure the reasonably effective removal of this information?
Well, here’s what doesn’t work:
• Deleting files using Windows Explorer or the Windows My Computer functions. Even the great mass of techno-peasantry knows they can click the Recycle Bin and undelete these files in short order. It’s fairly well known that deleting files using Windows or even “DOS” command line functions doesn’t remove the files. It merely removes the “directory listing” so that Windows can no longer “see” the file. Think of it as removing the address numbers over the front door to your house. Visitors from out of town may not know it’s your house if they’re looking for your address, but the house is most assuredly still there. Even reformatting a hard drive or removing a storage “partition” yields easily recoverable information—cheap or free utilities abound that can perform such recoveries.
• Deleting the files and emptying the Recycle Bin. A little more clever, but the files are still recoverable by even “entry-level experts” in about 30 seconds.
• Throwing the hard drive in your building’s incinerator. Still not good enough. Just ask the data recovery experts at companies such as Kroll Ontrack (www.krollontrack.com) or DriveSavers (www.drivesavers.com). Give them a couple of days (and a few thousand dollars) and they can probably recover most, if not all, of the information from utterly scorched hard drives.
• Letting David Letterman throw your computers off of a 40-story building. Entertaining, but equally ineffective.
Now for what does work:
Electronic “File-Shredding” Software
These software systems delete files in a number of ways that you cannot accomplish using Windows alone. They typically will run a routine that deletes the files and then overwrites the areas of the hard drive with repeated patterns of random characters. The more “passes” made by the overwriting routine, the harder it becomes to recover the original information. The product and methodology used should comply with the standards promulgated by the U.S. Department of Defense (DoD). Deleting information pursuant to this standard should satisfy the “reasonableness” requirement.
The U.S. Department of Defense has a set of published guidelines related to the clearing and sanitizing of PC media (DoD 5220.22-M). This set of guidelines recommends that you “overwrite all addressable locations with a character, its complement, then a random character and verify” for all writable media (i.e., hard drives, floppy drives, backup tapes, ZIP disks, flash drives, etc.). One example of such an “electronic shredder” is the DataEraser software system, produced by zDelete. Its website (www.zdelete.com/dod.htm) displays the DoD’s table prescribing the specific methods required for adequate and compliant information destruction on all sorts of media types in common use in law practices today.
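The overwrite sequence quoted above (a character, its complement, a random character, then verify), applied to a single file as an added Python example; it is not code from this article or from any product it names. The function name overwrite_file, the starting character 0x55 and the remove flag are assumptions made for illustration, and the sketch assumes the filesystem and drive overwrite data in place, which flash media and journaling filesystems do not guarantee.

```python
import os
import secrets

CHUNK = 1024 * 1024  # work in 1 MiB pieces so large files do not fill memory


def _fill(fh, size, value):
    """Write `value` over every byte of the file, then force it to the device."""
    fh.seek(0)
    left = size
    while left:
        n = min(CHUNK, left)
        fh.write(bytes([value]) * n)
        left -= n
    fh.flush()
    os.fsync(fh.fileno())


def _verify(fh, size, value):
    """Read the file back and confirm every byte equals `value`."""
    fh.seek(0)
    left = size
    while left:
        n = min(CHUNK, left)
        if fh.read(n) != bytes([value]) * n:
            return False  # also catches a short read
        left -= n
    return True


def overwrite_file(path, char=0x55, remove=True):
    """Three passes over the file: char, its complement, one random byte.

    Each pass is verified by reading it back. Returns the byte values
    written, in order. The file is deleted afterwards unless remove=False.
    """
    passes = [char, char ^ 0xFF, secrets.randbelow(256)]
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for value in passes:
            _fill(fh, size, value)
            if not _verify(fh, size, value):
                raise IOError(f"verification failed on pass 0x{value:02x}")
    if remove:
        os.remove(path)
    return passes
```

This covers only the bytes currently allocated to one file; copies in swap, temporary files, backups and unallocated space are untouched, which is why the whole-drive products discussed here work on the device rather than on individual files.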
Be sure to understand all the places where data may be located. These include but may not be limited to:
• Hard drives in PCs
• Old hard drives sitting on your shelves that may have failed and were removed but still have recoverable information
• Floppy disks (all sizes—don’t forget the old ones in your building’s basement)
• ZIP disks and other removable data cartridges
• Backup tapes
• The newer “flash drives”
There are many software products that will accomplish electronic file shredding to DoD standards. A Google search of “file deletion software” will yield a treasure trove of capable utilities. Products such as DataEraser, CyberScrub (www.cyberscrub.com), and many others are suitable. Look for the specific DoD 5220.22-M certification as a sign of competence. Then be certain to use the product correctly. In other words, read the instructions!
Finalizing Your D.U.M.P.
It is also imperative, from a legal and ethical perspective, to comply with your software license agreements. You must remove all licensed software that you do not intend to formally transfer with the PC system. Read each end-user license agreement to learn precisely what must be done with each software product on the hard drive of any computers or any other electronic media you plan to get rid of.
Then, a “best practices” approach would involve the creation of a formal written computer usage policy detailing the goal of the D.U.M.P. process, the process itself, and a written requirement that the process always be used when disposing of PCs or electronic media. This is the most complete way to CYA—Cover Your Assets.
Be sure to inform your clients of their need to take the same precautionary measures when they dispose of their PC systems and media. The last thing you need is a corporate client tossing backup tapes into the dumpster—packed with damaging information about a matter in litigation—and a digital dumpster diver hired by the opposition finding it and using it against them. This happens—it’s not fantasy.
If you don’t understand, or don’t want to acquire and learn to use electronic file shredding software, hire an expert to handle the process for you—it will be money well spent. Be certain to get a written statement from the service provider documenting its destruction of the information, the methodology and software used, and its compliance with the DoD standards. Ideally, such a written statement would also indemnify your lawyers from liability for the service provider’s failure to adequately destroy the information.
Once the critical step of removing the data and licensed software is accomplished, you can look at your disposal options. The chief options include sale, donation, and recycling.
Sale or donation to employees. For all practical purposes, the sale of computers is limited to employees because few law firms would want the hassle of selling computers in the marketplace. If you have relatively recent PCs that are still usable for home/college/student use, offering them to your employees may make a lot of sense and be seen as an employee benefit. You can either sell them at a very low price or simply donate them.
Donation to a charitable entity. Let us be clear: Charitable donations should not be a way to foist your computer disposal problems on someone else. Because charities often have the same software needs as you, trying to unload 15-year-old ’486-class or older PCs, or even your early generation Pentium 4s, may not be very easy. It is possible a charity would want to use them for some type of vocational training or cannibalize them for parts. But many well-known charitable organizations have stopped accepting computers and monitors altogether. The best thing to do is to ask the organization before you donate.
If you cannot find a donee locally (i.e., church groups, municipal agencies, homeless shelters, etc.), think national. One group to consider is the National Cristina Foundation (www.cristina.org). It matches companies and individuals interested in donating computers and related equipment with nonprofit organizations and schools that serve people with disabilities in the United States and abroad. Donors send equipment directly to the beneficiary. Many more donation sources are available if you run the Google search “donating used computers.”
Recycling. Taking up space in landfills is one problem, but few people realize that computers and monitors contain high levels of lead, mercury, and other environmental contaminants. The good news, according to the U.S. Environmental Protection Agency, is that 50 percent of the materials in a personal computer can be recycled. There are avenues for recycling old computers to ensure they don’t harm our already oppressed environment—you just have to know where to look.
To find a reuse and recycling program in your area, contact your state or local waste management agency, or try the EIA Environment page at www.eiae.org. For basic information on how to reduce electronic waste, along with related web links, see the Environmental Protection Agency’s website, www.epa.gov/epaoswer/hazwaste/recycle/ecycling/basic.htm.
One more option: Some computer manufacturers (including Dell, Gateway, HP, IBM, and Apple) are offering product take-back services to their customers for recycling, trade-in on a new product, or donation to the needy.
For those of you who prefer to think of old PCs as antiques or historical relics, there’s a website for you, too: www.old-computers.com. Wax nostalgic for your old computer among more than 800 examples in their computer “museum.” If you don’t find your computer there, try Google’s collection of historical computers at http://directory.google.com/Top/Computers/History. You never know, your old PC might be just the one some museum is looking for.
The bottom line is simple. PC in the dumpster = potential malpractice claims, ethical violations, embarrassment. Imagine the community embarrassment that happens when your local vocational retraining institution calls you to ask if you intended to donate a network server containing your entire time and billing system (this actually happened). Develop a D.U.M.P. for your firm or law department, then make it official policy and use it.
Ross L. Kodner is president and founder of MicroLaw, Inc., a national legal technology consultancy based in Milwaukee, Wisconsin. He can be reached at email@example.com, via www.microlaw.com, and at 414/540-9433. Courtney G. Kennaday is the practice management advisor for the South Carolina Bar, where she helps lawyers deal with myriad law office issues. She can be reached at firstname.lastname@example.org.