Your company’s risk management should not stop at assessing company operations and uncertainties but should incorporate the risks of IT asset disposition, or disposal. Companies who fail to properly dispose of IT assets, risk dealing with data breaches, environmental violations, and non-compliance with industry regulations, all of which are unpleasant and damaging to the reputation of a company.
RISK #1: Data Breach
What is a data breach? A data breach is when a company and (or) its customers’ sensitive information reach an untrusted source. Data breaches are fairly common but very problematic. Everyone has seen a movie where a disgruntled employee steals a thumb drive or the spy downloads information onto a disc, but what many people don’t understand is that it only takes one piece of sensitive data: a password, a private document, even a text message, to constitute a data breach.
With a data breach comes a whole slue of issues, including fines, penalties, lawsuits, loss in customer and investor confidence, and negative publicity. Despite these rather harsh consequences, many companies still find themselves victim to data breaches. How? The improper disposal of decommissioned IT assets. When left to “in-house” departments or unqualified third-party erasure services, devices are often not handled and decommissioned in accordance with industry standards and regulations. For this reason it is important to plan, schedule and carry out erasure/destruction services in a thorough manner with a certified third-party.
RISK #2: Environmental Violation
As with disposal of any waste products, environmental pollution and subsequent violations is a very real possibility. This is especially a factor when companies choose to do “in-house” erasure, leaving their existing IT staff to manage the process.
Each year between 80 and 85 percent of electronic waste is improperly discarded in landfills and trash incinerators around the United States. This waste causes harmful pollutants and toxins to be released into the air and soil, causing serious harm to the environment.
When companies are found violating environmental laws or responsible recycling practices, they often find themselves facing harsh consequences. Those who get caught are subject to fines, penalties, payment of cleanup efforts, and in many cases, public relations nightmares.
RISK #3: Non-Compliance with Industry Regulations
As stress relieving as taking a hammer to an old hard drive is, those days are over! Smashing data devices and discarding them in the trash, or re-formatting drives, is no longer enough.
Regulatory standards pertaining to the erasure and or destruction of IT assets depends on the industry: FACTA, HIPPA/HITECH, PCI, etc. Without a properly certified, third-party vendor to perform IT asset disposition, a company will not have the correct records and certifications needed if an audit is performed.
In the data erasure industry, erasure service providers will tell you that mitigating risk is their number one priority. Anytime sensitive information and IT devices are being handled by a third-party or leaving the security of a company building, risk is involved. The improper disposing of IT assets can put a company at risk of data breaches, environmental violations, and failing to meet industry standards, among other complications.