Are there any electronics that do not store, access, process or backup data in today’s digital world?
Regardless of its function most electronics manage data in some way whether on a hard drive, USB flash drive, memory card or other. While this is not a new concept to consider when managing equipment in its live environment, it is often overlooked when it comes to responsible IT asset disposition (ITAD).
If you were not already considering data security in your electronics recycling plan, it would be best to prioritize it. Reports have shown the global average cost of a data breach to be $3.92 million, a figure that continues to increase. Taking every precaution to prevent a data breach from happening is extremely important.
While data breaches occur often by bypassing network security remotely, physical attempts to steal local files are common as well. Physical data theft attempts can occur whether devices are in use or are collected for recycling. There are a few areas throughout the e-recycling process where without adequate security protocols in place, items can be at risk for data threats.
Electronics are one of the most-stolen product types
When it comes to cargo-theft specifically, electronics are among the top three commodities stolen globally. 37 percent of these thefts happen while cargo is in transit, with 14 percent occurring while in the warehouse. Electronics recyclers today have to consider how they will help transport equipment back to their facility securely; and then how to maintain security of the equipment once it arrives and is prepared for further processing.
Reuse is the first step of recycling
Many businesses choose to enable reuse of their replaced or retired IT equipment as an option that delivers back the most returned value. A qualified and experienced ITAD vendor can present this to you as an opportunity for a new revenue stream and the process alone helps minimize your overall environmental impact.
It is encouraged to make sure you use an appropriate partner when considering reuse of equipment. If the recycling vendor is also managing the reuse of equipment, look into the data wiping and erasure services they provide to ensure they are performed sufficiently. For example, Blannco, a data erasure company, conducted a study that analyzed storage devices purchased on e-commerce sites and found that 42 percent still retained some data.
Read this blog post for information to reference when vetting your ITAD provider’s reuse process.
Irresponsible recycling can increase physical data threats
The process of e-Recycling involves the collection, testing/tracking, remarketing and final disposition and recycling of materials. Depending on what condition IT assets are in upon collection, data may remain on storage devices.
When working with a legitimate recycler, there will be some mechanical operation and infrastructure in place to dismantle devices, separate components (including removal of any hazardous waste), and shred materials into different sorts.
Once shredded the material is separated again, and commodities of value are sent to downstream recyclers and refineries for reuse. These refined commodities are sold to manufacturers to be made into new products.
There have been some circumstances however, where these steps were not taken and devices ended up dumped in developing countries. When this happens, it not only becomes an environmental disaster in addition to a PR nightmare, but this can also leave you at risk of data exposure as well.
In some cases, data can be retrieved from hard drives shredded for recycling
Believe it or not, if somebody really wanted to try and retrieve data from a shredded hard drive, there are ways they could attempt to rebuild the data from the shredded pieces. While unlikely, this is possible.
It is for this reason that choosing data destruction services wisely may go a long way.. Considerations for ensuring data destruction might include:
- Erasing data (via degaussing or wiping) prior to shredding,
- Witnessing data removal and destruction processes, and/or
- Reviewing security standards implemented and maintained by your ITAD vendor.
A few of the top security standards that recyclers or data destruction vendors may hold around the world might include:
- National Association for Information Destruction (NAID) AAA Certification – Global – Secure data destruction industry’s standards setting and oversight body.
- Transported asset protection association (TAPA) – North America – Freight security requirements standard.
- Information Security Management System (ISO 27001) – Global – Relates to the recycling of waste electrical and electronic equipment, asset management involving secure data eradication and the repair and reuse of electrical and electronic equipment.
- Assured Service (Sanitisation) scheme (CAS-S) – United Kingdom – Scheme offered by NCSC for companies wishing to provide sanitization services to owners of highly classified Government data.
Electronics recycling is often viewed from an environmental perspective as preserving resources and minimizing waste but as you can see, these services provide much more value. It is recommended to take your ITAD program seriously and consider all security aspects of the process to ensure your company data, brand and liability is protected.