The e-waste problem has reached crisis levels, according to a report by the World Economic Forum. The numbers tell the story: 50 million tons of e-waste are produced globally each year and, left unchecked, this could more than double to 120 million tons by 2050.
As dire as the situation sounds, ITAD companies are particularly well-positioned to play an important role in keeping used and old computer equipment out of our landfills. Because ITADs are extremely knowledgeable about best practices when it comes to disposing of assets in a safe and environmentally friendly manner, one area where they can provide added value to their customers is by positioning themselves as strategic advisors instead of simply disposers of IT-related hardware. ITADs understand how to advise customers, especially large enterprises, about the process of streamlining disposition of assets while minimizing costs and maximizing return on investment.
There is, after all, much more to asset disposal than just device shredding. Among the areas where ITADs should be able to tout their expertise are:
- On-site validation of asset inventory.
- Packing and removal of equipment.
- Proper disposal of ecologically sensitive materials.
- Options for charitable donations of unwanted equipment (and how this option can reduce or eliminate environmental disposal fees).
- How to leverage good equipment practices to boost an organization’s corporate social responsibility reputation.
Most importantly, ITADs must be knowledgeable about how to securely erase company data that resides on “aged-out” assets – no matter the plan for disposing of the equipment. This is critical to the security of the ITAD’s customers, as well as that organization’s own customers and partners. It’s simply not enough to just “wipe” the hard drive of a PC, laptop or smartphone. Full and secure data sanitization is critical to prevent security breaches and data leaks, and ITADs and recyclers that build and maintain robust security policies that safeguard sensitive data will set themselves apart from their competitors. Providing certification of secure erasure proves to customers that they can trust the process (and their ITAD partner) and that wherever aged equipment ends up – destroyed, recycled or reused – sensitive corporate and customer data will not be compromised or sold on the black market.
The only way to ensure complete data sanitization is to remove sensitive data from IT assets prior to their destruction or resale. Physical destruction, by either degaussing or shredding, is not infallible. With destruction, small portions of drives may be left intact and data can be recovered. Degaussing is an option for HDD devices, but only if using a high-quality degausser that is working properly. If a company chooses either of these methods, the organization must ensure that data sanitization is managed and audited properly with a fully secure and visible chain of custody. Other methods, especially drive reformatting, expose companies to high risks of a data breach. Someone with the right skills will likely be able to recover most or all of the data on a reformatted disc. This is unfortunate given our recent study which found 34% of respondents ranked drive reformatting as one of their top three options for providing the highest protection against a data breach.
Appropriate software-based overwriting that certifies all data has been removed securely and provides a clear audit trail will guarantee compliance with the most rigorous data privacy and protection standards, including the General Data Protection Regulation (GDPR), a European Union law, and the new California Consumer Privacy Act (CCPA). GDPR may have been the model for the CCPA, which went into effect starting this month, but CCPA actually goes much further than the GDPR, making it one of the toughest and most comprehensive data privacy laws in the country. The new law will regulate how large enterprise companies handle Californian’s data and holds these organizations accountable for how this data is managed, stored and disposed.
The CCPA will provide new opportunities for end-of-life companies, including ITADs, as these organizations step up to help enterprises adapt to myriad challenges, including data disposal, compliance issues, and data privacy and security. By incorporating secure erasure into their product portfolios, ITADs can fill an important role in assisting these organizations in securely managing the sanitization of company and customer data in order to meet the new standards required by the CCPA.
By coupling data sanitization with the reuse and recycling of that old office equipment, and by becoming experts in the full disposal ecosystem, ITADs will move beyond being simple disposers to solidify their positions as valuable partners and an important part of the e-waste ecosystem, helping to safeguard our environment and decreasing the number of assets that end up in our landfills.
Alan Bentley is president of global strategy at data erasure company Blancco.
The views and opinions expressed are those of the author and do not imply endorsement by Resource Recycling, Inc. If you have a subject you wish to cover in an op-ed, please send a short proposal to [email protected] for consideration.