Your company’s risk management should go beyond evaluating company operations and uncertainties—it should also include assessing the risks associated with IT asset disposal. Companies who fail to properly dispose of IT assets are at risk for data breaches, environmental violations, and non-compliance with industry regulations—all of which are unpleasant, time-consuming, costly and damaging to your company’s reputation.
Risk #1: Data Breach
What is a data breach? A data breach is when a company and/or its customers’ sensitive information reach an untrusted source. Data breaches are fairly common but can cause a cascade of problems for the data owners.
Who hasn’t seen a movie where a disgruntled employee steals a thumb drive or the spy downloads information, but what many people don’t understand is that it only takes one piece of sensitive data: a password, a private document, even a text message, to constitute a data breach. Missing hard drives, lost or untracked equipment, offsite data destruction, sloppy scanning and monitoring of IT asset serial numbers can result in lost data. In a bad actor’s hands, a data breach brings a whole slew of issues and costs that may include fines, penalties, lawsuits, loss in customer and investor confidence and negative publicity.
Despite these known consequences seen in the headline, companies still find themselves victim to data breaches. How? The improper disposal of decommissioned IT assets. When left to inhouse departments or unqualified third-party data destruction services, IT devices are often not handled, tracked and decommissioned in accordance with industry standards and regulations.
It’s important to plan, schedule and carry out erasure and/or destruction services in a thorough manner with a certified third-party.
RELATED: What are our certifications >
Risk #2: Environmental violation
As with disposal of any waste products, environmental pollution and violations are a very real possibility.
Each year, between 80-85% of electronic waste (or, e-waste) is improperly discarded in landfills and trash incinerators around the United States.
“Electronic waste (e-waste) is the fastest growing solid waste stream in the world, increasing 3 times faster than the world’s population (1). Less than a quarter of e-waste produced globally in 2019 was known to be formally recycled; however, e-waste streams contain valuable and finite resources that can be reused if they are recycled appropriately.”
The World Health Organization
This waste releases harmful pollutants and toxins into the air and soil, and can cause serious harm to the environment.
When companies get caught after violating environmental laws or responsible recycling practices, the consequences are harsh, including fines, penalties, payment for cleanup, and in many cases, public relations nightmares.
Risk #3: Non-compliance with industry regulations
As stress relieving as taking a hammer to an old hard drive is, those days are over! Smashing data devices and discarding them in the trash, or re-formatting drives, is no longer enough.
Regulatory standards pertaining to which level and method of data sanitization of IT assets depend on the industry: FACTA, HIPPA/HITECH, PCI, contractual arrangements, legal and compliance policies as well as local and Federal mandates.
RELATED: Certifications >
Without a NAID AAA certified, third-party vendor executing IT asset disposition following written, proven processes, a company will not have the correct records and certifications needed if an audit is performed or a breach is discovered.
In the data destruction industry, service providers should emphasize that reducing risk is their top priority. Whenever sensitive information and IT devices are managed by a third-party or leave the security of the building, look for risk. Improper disposal of IT assets can expose a company to data breaches, environmental violations, and failure to meet industry standards, among other complications.
Read next
- Learn more about e-waste data destruction and ESG >
- 10 tips to keep your business ahead of a data breach >
- Environmental social governance and data destruction >
Sign up for email updates to receive the latest in data security options from Guardian Data Destruction >
