A guest post from ICT Asset Recovery - Ronnie Deaver 

In the first two installments of this series, we’ve been talking about the major risks of throwing out old IT equipment instead of recycling this type of “e-waste”.  The issue of e-waste is an important environmental and health concern that companies need to be taking seriously while addressing with compliant solutions for disposing of unwanted and outdated IT equipment.

Haven’t read Part 1 and Part 2? Check out the Compliance Risk and Environmental Hazard that e-waste poses.

Now we’re going to discuss an issue that is just as important in our current global culture and where identity theft and other cyber-crimes run rampant: data security and destruction after equipment has outlived its usefulness.

Data Security Risks

Technology is a powerful tool that has made everyone’s lives a whole lot easier by storing and distributing sensitive information more efficiently. However, personal information can also be used in illicit ways when it falls into the wrong hands, resulting in thefts, malicious distribution, blackmail, and more. Big companies aren’t excluded from these actions—even large corporations like Target have experienced data breaches.

Because of these dangers, companies should be taking security of client’s personal information extremely seriously whether it’s financial or credit card information, medical records, addresses, or other private data. Most companies do take these threats seriously, at least while they maintain the equipment that stores the sensitive data. But what happens when it’s time to upgrade or replace equipment? How do you continue to protect the data?

Can equipment be re-used after data is wiped?

Commercially certified programs are available that can wipe hard drives completely through a number of methods while leaving the equipment intact for reuse if so desired.

How can data be destroyed safely?

For permanent and total data destruction, along with safe disposal of the hardware that houses the data, a two-step process is advisable which ensures total destruction and security of sensitive information.

First, the storage hardware must be “degaussed” which refers to erasing the data from the drive using a strong electromagnetic field. Once this process is complete, the storage hardware should be shredded or otherwise physically destroyed and then recycled.

For many companies it is not practical or cost-effective to maintain the equipment necessary to complete this process, so these businesses hire recycling companies to destroy the data and recycle the components from the hardware.

Are there regulations on data destruction?

Today, many laws that pertain to e-waste disposal and data destruction are already in place but some are still vague. Since the issue of data destruction is still fairly new, these laws continue to develop and change as we gain more knowledge and discover new technologies. Regulations vary by region and there can be significant penalties for violations of these regulations.  Keeping up with the vast amount of laws can prove difficult, which is why hiring an external recycling service is the best choice for many companies.

Which industries are at greatest risk?

While many companies might have sensitive data such as credit card information, addresses, phone numbers, and even social security numbers in their databases the medical, technology, and financial industries are at especially high risk for catastrophic data breaches.

Even if your company stores very little client data, sales records, proprietary information, and other company information it could all be useful to competitors and thieves if not properly safeguarded.

How is your company handling data destruction?

Do you know what your company is currently doing with unwanted technology, particularly equipment with sensitive data on it? At the end of the day your company is accountable for the safety of that data. How would you feel as a client if you found out your data was simply being tossed in a landfill where anyone could come across it? If you don’t have a safe and secure method for protecting data during disposal then it’s time to develop one.

How can you improve your practices and policies?

It is important to have a clear, set protocol when it comes to data destruction, security, and the disposal of e-waste.  Don’t take shortcuts and make sure you have a written policy to prevent any unclear areas and uncertainty when dealing with the sensitive data of others. The last thing you want is a data breach and the news to surface that you had no formal policy for protecting client data.

How do you know a recycling company is reputable and trustworthy?

Your clients have entrusted their personal data to your company, so it’s completely understandable for them to be worried about your security processes.  Certification(s) of the company chosen for secure data destruction can be an important factor and helps ensure they are complying with regulations or best practices. Your company can be held liable by the Environmental Protection Agency (EPA) in case of compliance violations, so it’s important to find a recycling company you can trust.

Making Safe & Compliant Solutions a Priority

Don’t let your company brush aside the importance of data security. It’s time to make safe and compliant IT equipment disposal a priority.

Not sure where to turn for your recycling solutions? ICT Asset Recovery offers customized, comprehensive plans to solve each company’s e-waste problems in an efficient and effective way. Fill out one of these forms today to learn more about how ICT could help your company get on track for compliance.

Sources: 

http://www.semshred.com/contentmgr/showdetails.php/id/2480

Susannah Bruck