If firms are not already disposing of hardware with cyber risks in mind, they should be. The SEC Office of Compliance Inspections and Examinations’ recent report related to cybersecurity and operational resiliency practices includes a new focus on the proper disposal of hardware, a topic also included in its 2020 exam priorities. This is a concern across all industries, and the SEC’s expectations echo those of other regulators. This article, the first in a two-part series, discusses what is driving the focus on these protections, types of hardware that should be considered, applicable laws and guidelines and what protections the regulators expect firms to have in place. Part two will address how to keep track of the relevant hardware, best practices for creating and implementing policies, and safeguards for using third parties. See “Preparing for the Latest SEC Cyber Sweeps” (Jun. 26, 2019).