On the surface the task of disposing of your decommissioned IT assets may seem simple. Hand them off to your IT team. Assume they get the job done. Mission accomplished.
In reality, IT asset disposition (ITAD) is a lot more complicated. The host of environmental and government regulations combined with the threat of costly data breaches pose significant challenges to the average organization.
If you are considering performing your own IT refresh, make sure you take an honest look at the capabilities of your operation. Unless the answer is a resounding “Yes” to the following questions, you are putting your organization at risk:
Do you know the details of the regulations that govern electronically stored data?
Are you 100 percent certain that your organization is in possession of and knows how to use the correct data erasure software?
Do you know all EPA-regulated, certified, and audited disposition channels?
Are you confident your IT team will be able to properly wipe hard drives and memory storage systems, and then remarket or recycle the assets in accordance with all regulations while also recovering ROI?
Also, consider the following issues:
Losing track of assets: As many organizations have experienced, it only takes a single hard drive to cause a devastating data breach. And, surprisingly perhaps, it is not uncommon for organizations to lose track of assets – four out of five corporate asset disposal projects have at least one asset missing. In addition, IT teams tasked with performing ITAD next to their everyday duties are naturally distracted. Without a formal system to track each asset, some may be stolen, lost, or misplaced. On-premise theft of retired equipment further accounts for a large percentage of security incidents.
Improper destruction: Even when an organization keeps careful track of each retired asset, the risk of a data breach remains if the hard drive or memory storage system is not properly wiped of any traces of encrypted data. Digitally wiping or physically destroying data is, as many news reports of data breaches illustrate, a much more complex undertaking than many organizations realize. And the accidental release of proprietary, confidential, or personal information can have severe implications. The cost of an average data breach keeps skyrocketing, reaching $3.5 million in 2014, a 13 percent increase year over year. Organizations pay the price in:
- Damaged Reputation
- Lawsuits brought by affect parties
- Falling stock prices
Complex regulations: The regulations that govern electronically stored data sound like an alphabet soup that all the same cannot be ignored. HIPAA/HITECH, FACTA, SOX, GLB, and FERPA regulations include anything from stringent data protection rules of consumers’ non-public, personal information to the use and disclosure of certain information held by healthcare service entities. Non-compliance can result in hefty fines. Also, bear in mind court cases hold companies, not their ITAD vendors, responsible for protecting data. What C-level executives do not know about data sanitization could cost them millions of dollars.
Environmental hazards: Fifty-eight percent of customers pay attention to a company’s environmental and social reputation before they decide whether to do business with them, according to the National Marketing Institute. The figure showcases yet another risk of improper IT asset disposition – careless disposition may not only cause the environment harm, but also undermine public trust in the company. Organizations also risk having to pay a steep price for sending electronics to landfills rather than compliant recycling facilities as fines for water and air contamination may amount to thousands of dollars per day.
If in-house ITAD is more than your organization can confidently handle, seek the assistance of a trusted third-party provider with the right certifications. Your ITAD provider also knows how to channel your assets through the right markets, maximizing ROI.
For your peace of mind and the security of your data, it’s a win-win.