In this advanced day and age, virtually every organization uses information technology (IT) assets to handle and store large volumes of confidential data. Due to the rapid pace of technological change, the lifespan of computers has dropped significantly, with the average working life of a PC reduced to three or four years. As a result, a large number of IT assets are upgraded annually as organizations go through a technology refresh. Retired or obsolete PCs are then donated, remarketed or recycled.
Navigating the numerous state and federal environmental laws governing the handling of electronic waste can be a time-consuming and challenging process. Thus, most organizations choose to pass on this responsibility to an electronics recycler. Few are aware of the risks this involves. To protect both themselves and their clients from potential liability, e-waste recyclers must not only handle materials responsibly, but be able to document that they've done so.
A recent study conducted by British Telecommunications (BT), the University of Glamorgan in Wales and Edith Cowen University in Australia revealed in August that secondhand hard drives often contain sensitive information belonging to previous owners. The research is part of a five-year study, now in its second year, which aims to identify trends in data security in different regions. For the study, more than 300 hard disks were purchased at computer auctions, computer fairs or online in the United Kingdom, Australia, North America and Germany. A significant number of the disks still contained commercial and individual data. The information recovered included payroll data, employee names and photos, business e-mails and sensitive personal information, all of which could pose a significant threat if it fell into the wrong hands. Similarly, the BBC program “Real Story” discovered used hard drives from the United Kingdom winding up in Nigeria, still packed with personal data.
The electronic waste recycling market is highly competitive and while there are many reputable recycling companies, others do an incomplete job. If a recycler does not properly handle electronic waste, it may place its client at serious risk. Both the client and the recycler could be liable if confidential data is recovered from retired computers or if hazardous equipment ends up in unregulated landfills or in Third World countries.
A reputable recycler should offer a transparent process and full certification of the data destruction using the serial number or some other unique identifier of each PC or hard drive for tracking. Understanding and ensuring the chain of custody is essential to ensuring security once the equipment is out of the client's possession. Helping clients to maintain a detailed and accurate audit trail that provides cradle-to-grave tracking of every item received by the recycler should be part of basic customer service.
A reputable recycler should also establish a sound environmental policy that complies with state and federal environmental laws concerning electronic waste. The recycler should be able to give a detailed account of how it handles electronic waste, how it is disposes of hazardous substances and what is does with the reusable components.
By acknowledging risks and addressing concerns when disposing of obsolete IT assets, e-waste recyclers can help their clients and themselves avoid sticky situations down the road.
Lynette Reichenvater is PR Coordinator for Blancco Ltd., a data destruction and computer reuse management firm headquartered in Joensuu, Finland. She can be reached at [email protected].