In light of the Equifax data breach, many IT managers and compliance specialists are putting their data security standards and procedures under the microscope. They will be asking:

  • Where does the data trail end?
  • Am I liable for the equipment housing my data after I’ve retired it?
  • How important is IT asset disposition (ITAD) in data security?

Jeff Londres

Data breaches are costly. Preventing data leaks and practicing data destruction best practices are paramount. If IT professionals are not securely and responsibly disposing of assets, they’re ignoring the final stage of the IT asset lifecycle and potentially negatively impacting their bottom line.

ITAD companies can win new clients by pointing out the very real damage that data leaks can cause, and by educating enterprises about the importance of secure certified data destruction and responsible disposal as they retire their IT assets. To be truly successful, however, a highly collaborative ITAD-recycler model should be used where these providers work together to meet the customized needs of individual enterprise clients.

An expensive mistake – from both a financial and reputation perspective

A good reputation is hard to establish and can be even harder to protect. If a company’s name is tarnished by a data breach, not only do they have to go into damage control to rebuild their reputation, there’s also a very real financial cost.

Since the dawn of the new millennium, over five billion users have been affected by data breaches. The average cost of a data breach is now almost $4 million, which represents an average of 25,575 records at an average cost of $150 per record. According to the HIPAA Journal, the healthcare industry feels the sting of a breach even more, at a cost of $429 per record.

What IT managers need to know about ITAD

To avoid data leaks, when IT gear reaches its end-of-life, it needs to be retired or decommissioned responsibly. IT managers must recognize that data security and compliance do not begin and end with real-time security, end user training, patches, shredding, and backups. It is the final disposal of assets that closes the loop on the threat of a data breach.

Educating IT professionals that asset disposal should always be viewed through the lens of data security first is a key strategy in securing new ITAD business. This is always an easier sell if they understand that ITAD is also a way they can enhance their IT budget. Just as ITAD needs to be a critical prong in their data breach prevention strategy, IT asset value recovery should be a key consideration in their budget management process.

The ITAD pipeline and new opportunities

ITAD can be complex. The guidelines for data destruction include NIST 800-88 Rev. 1, PCI DSS, and ISO 27001, three security standards that dictate how digital media is destroyed when no longer in use. IT managers are ultimately responsible for choosing how to dispose of their organization’s data, defining processes and implementing those processes. So they need a partner who will act as a trusted industry advisor and help them navigate the waters of compliance, asset recovery and environmental stewardship.

For many IT managers, that provider was Arrow Electronics. But now that Arrow Electronics is exiting the ITAD space a huge opportunity is knocking at the door of both ITAD companies and recyclers. But to fill this gap, it may mean that more synergy and collaboration is needed. The ITAD-recycler relationship is bidirectional and almost symbiotic: ITAD companies that don’t offer certified disposal need the recycler; recyclers that don’t offer NAID AAA-certified data destruction or want to increase their volume need the ITAD provider.

Here are four things that IT experts typically look for when shopping for an ITAD vendor:

  • Certification – a vendor certified to destroy data, preferably through the National Association of Information Destruction (NAID).
  • Competitive bidding – an organization with deep connections in the IT industry so that they can offer accurate equipment valuations.
  • Compliance – IT pros want a vendor that understands their industry’s compliance requirements and can provide the necessary documentation upon job completion.
  • Responsible Disposal – peace of mind that all waste or scrap is properly disposed of through an ISO 14001-certified recycler, not exported or placed in a landfill.

Ultimately, IT management and compliance experts want a simple, fast, responsible way to destroy their data and move their equipment. Data security is their first priority followed by environmental responsibility. If asset value recovery delivers an unexpected revenue stream or at least a decrease in operating expenses, then that is an added bonus.

By working together, ITAD providers and recyclers can deliver everything the IT department is looking for: a seamless, turnkey solution for both data destruction and responsible disposal.

Jeff Londres is the CEO at NextUse, a global ITAD company specializing in secure data destruction for enterprises, data centers and recyclers.

The views and opinions expressed are those of the author and do not imply endorsement by Resource Recycling, Inc. If you have a subject you wish to cover in an op-ed, please send a short proposal to [email protected] for consideration.