Compliance Encyclopedia
Regulations & Standards Compliance
Federal, industry, and international standards for secure media sanitization and data destruction. Select a regulation for requirements, methods, audit documentation, and how All Green Recycling maps services to each standard.
State Regulation
US State E-Waste Laws: Landfill Bans and Producer Responsibility by State
Most electronic-waste regulation in the United States happens at the state level, where 25 states plus the District of Columbia operate recycling laws and landfill disposal bans. The rules vary by state in their model, covered devices, and obligations. All Green Recycling processes electronics at a facility aligned to ISO 14001:2015 environmental management practices and supports businesses managing end-of-life equipment across multiple state programs.
Learn more International Convention
Basel Convention and E-Waste Export: Transboundary Hazardous Waste Controls
The Basel Convention governs the movement of hazardous waste across international borders to prevent dumping of waste, including electronic waste, in developing countries. Amendments effective in 2021 brought e-waste under its prior-informed-consent controls. All Green Recycling processes electronics domestically at a facility aligned to ISO 14001:2015 environmental management practices and maintains downstream accountability so material is not exported to non-compliant operations.
Learn more State Regulation
CCPA and CPRA: Data Deletion, Disposal, and the Right to Destruction in California
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives California residents a right to delete their personal information and requires businesses to secure and properly dispose of it. A separate California law requires businesses to destroy customer records holding personal information. All Green Recycling's data destruction processes are operationally aligned to these California deletion and disposal obligations.
Learn more Federal Framework
CMMC Media Sanitization: Control MP.L2-3.8.3 for CUI and FCI Media
The Cybersecurity Maturity Model Certification (CMMC) 2.0 verifies that Defense Industrial Base contractors protect Federal Contract Information and Controlled Unclassified Information. Its media sanitization control requires that media be sanitized or destroyed before disposal or reuse. All Green Recycling's data destruction processes are operationally aligned to the NIST SP 800-88 methods that satisfy the CMMC media sanitization control.
Learn more Federal Framework
DoD 5220.22-M Standard: History, Deprecation, and Modern Replacements
DoD 5220.22-M is the legacy multi-pass overwrite pattern from the Department of Defense National Industrial Security Program. NIST Special Publication 800-88 Revision 2 has superseded it as the prevailing federal media-sanitization guideline, yet enterprise RFPs still request it by name. All Green Recycling's software wiping service processes conform to the DoD 5220.22-M multi-pass overwrite specification on magnetic media.
Learn more Federal Regulation
EPA RCRA for Electronics: Hazardous Waste Rules for End-of-Life Equipment
The Resource Conservation and Recovery Act (RCRA) is the federal law governing hazardous waste, and end-of-life electronics often contain lead, mercury, and other hazardous constituents. Generators must determine whether discarded electronics are hazardous and manage them accordingly. All Green Recycling operates as a responsible electronics recycler and processes equipment at a facility aligned to ISO 14001:2015 environmental management practices, keeping covered material out of landfills.
Learn more Federal Law
FACTA Disposal Rule: Destroying Consumer Report Information
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed the Federal Trade Commission to require proper disposal of consumer report information. The FTC Disposal Rule at 16 CFR Part 682 requires reasonable measures to protect against unauthorized access when discarding that data. All Green Recycling's data destruction processes are operationally aligned to the Disposal Rule for media holding consumer report information.
Learn more Federal Law
FISMA Media Sanitization: Federal Information Security and Control MP-6
The Federal Information Security Modernization Act of 2014 (FISMA) requires federal agencies and their contractors to secure federal information systems under a risk-based program. Media sanitization control MP-6 in NIST SP 800-53 directs that media be sanitized per NIST SP 800-88 before disposal or reuse. All Green Recycling's data destruction processes are operationally aligned to the NIST SP 800-88 methods that satisfy MP-6.
Learn more EU Regulation
GDPR Right to Erasure (Article 17): Data Destruction and the Right to Be Forgotten
The EU General Data Protection Regulation, Regulation (EU) 2016/679, gives individuals a right to erasure of their personal data under Article 17, often called the right to be forgotten. When personal data reaches end of life on physical storage media, secure destruction is how an organization completes erasure. All Green Recycling's data destruction processes are operationally aligned to the GDPR erasure and accountability obligations.
Learn more Federal Law
GLBA Safeguards Rule: Secure Disposal of Customer Financial Information
The Gramm-Leach-Bliley Act requires financial institutions to protect customer information. The FTC Safeguards Rule at 16 CFR Part 314, with full compliance required since 9 June 2023, mandates a written information security program that includes secure disposal of customer data. All Green Recycling's data destruction processes are operationally aligned to the Safeguards Rule disposal requirement.
Learn more Federal Law
HIPAA Disposal Rule: Media Destruction Requirements for Covered Entities
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires covered entities and business associates to dispose of electronic protected health information so it cannot be read or reconstructed. The HIPAA Security Rule at 45 CFR Part 164 Subpart C governs media disposal and re-use. All Green Recycling's data destruction processes are operationally aligned to these safeguards and backed by a signed Business Associate Agreement.
Learn more International Standard
ISO/IEC 27001:2022 and ISO/IEC 27040: Information Security and Storage Sanitization
ISO/IEC 27001:2022 is the international standard for information security management systems, and ISO/IEC 27040 provides storage-security and sanitization guidance. All Green Recycling does not currently hold ISO/IEC 27001:2022 certification. This page explains the ISO/IEC 27001:2022 and ISO/IEC 27040 frameworks administered by the International Organization for Standardization and benchmarks All Green Recycling's destruction processes against their media-sanitization controls.
Learn more Federal Standard
NIST SP 800-88 Rev. 2: Guidelines for Media Sanitization
NIST Special Publication 800-88 Revision 2, published September 2025, is the United States federal standard for media sanitization. Federal agencies follow it under FISMA, and HIPAA, PCI DSS, GLBA, and FACTA reference it as the benchmark for lawful disposal. All Green Recycling's data destruction processes are operationally aligned to the NIST SP 800-88 Rev. 2 Clear, Purge, and Destroy categories.
Learn more Industry Standard
PCI DSS Media Disposal: Requirement 9.4 and Destroying Cardholder Data Media
The Payment Card Industry Data Security Standard (PCI DSS) protects cardholder data across every organization that stores, processes, or transmits it. Requirement 9.4 of PCI DSS v4.0.1 mandates destroying media so cardholder data cannot be reconstructed. All Green Recycling's data destruction processes are operationally aligned to the PCI DSS media-destruction requirements.
Learn more Federal Regulation
Universal Waste Rule: Batteries, Lamps, and Mercury Devices at 40 CFR Part 273
The Universal Waste Rule at 40 CFR Part 273 streamlines the federal hazardous-waste requirements for widely generated wastes such as batteries, lamps, and mercury-containing devices, to encourage their collection and recycling. All Green Recycling handles these universal wastes and processes them at a facility aligned to ISO 14001:2015 environmental management practices, keeping mercury, lead, and cadmium out of landfills.
Learn more Federal Law
What Is Sarbanes-Oxley and How Does It Affect Data Destruction?
The Sarbanes-Oxley Act of 2002 (SOX) governs financial recordkeeping for public companies and makes the improper destruction of records a federal crime. SOX requires retention of audit and financial records before any media reaches end of life. All Green Recycling's data destruction processes are operationally aligned to lawful end-of-life destruction once the retention period and any legal hold have been satisfied.
Learn more