The proper disposal of e-waste is a critical component of any data security strategy. In the past, organizations simply had their server hard drives erased. But think about other places where data is stored in your organization – desktop computers, mobile devices, printers, copiers and various Internet-connected company assets. When each piece of equipment reaches the end of its useful life, what happens to it?
E-waste has become big business. A simple Google search will provide you with a list of companies that will come to your place of business, collect your outdated equipment, and take it away. Many will do it for free. But who from your company is responsible for taking inventory of this equipment and making sure all data has been removed? When that truck pulls away from your building, do you know where those IT assets are going?
Aside from obvious environmental concerns related to improper disposal of hazardous materials, e-waste poses serious security, legal and compliance risks. Even after technology supposedly has been wiped clean, sensitive data often remains. Less-than-reputable e-waste recycling and removal companies know this. They don’t charge you because they make money by selling your assets.
Technology is typically shipped overseas to developing countries, where it can be taken apart for pennies on the dollar by low-wage workers. Trade secrets, intellectual property, financial information and other sensitive data remaining on devices are stolen, precious metals are removed, and any salvageable parts are used to make counterfeit products. Any remaining e-waste is often dumped in fields, burned and treated with dangerous chemicals, exposing workers to hazardous substances.
When industry watchdog Basel Action Network (BAN) used GPS tracking devices to follow e-waste during a two-year period, it found that 40 percent of tracked American electronics recyclers were illegitimate. A recent update of the study found that many of the companies that export e-waste to developing countries made public claims that they never do so.
You might choose to avoid this scenario by donating your technology to a school or nonprofit. But even if you donate your IT assets to worthy causes and reputable organizations, there’s still a risk of data exposure.
Organizations need to work with certified e-waste disposal and recycling companies. That includes not only the R2 certification, which still allows e-waste to be exported, but also the e-Stewards Certification, which was created by BAN and continues to use GPS tracking to verify disposal integrity. Reputable companies will provide you with a detailed inventory of each piece of technology and what was removed from it. These records provide you with evidence of proper disposal in case of an audit. Some companies will even let you watch the shredding of technology so you can rest assured that your data won’t be exposed.
Of course, organizations should have decommissioning and e-waste disposal programs in place before selecting vendors to handle the removal and/or destruction of IT assets. Verteks can help you develop policies and procedures that are environmentally responsible and minimize compliance and security risks. Let us help you make e-waste disposal part of your overall technology strategy.