ITAD Summit 2022 was a pleasure. The Florida July weather was (surprisingly) cooler than New Jersey, the hosting Seminole Hard Rock Hotel was gorgeous with plenty of fine locations for client meetups and meals and, after many delays due to COVID, attendees and exhibitors alike were eager to connect, share and solve problems.
As always, we like to share our top highlights from industry events. Below are some of the top topics covered at the ITAD Summit conference sessions, booth chatter and after-hour conversations
1. R2v3 certification is here
There is growing corporate scrutiny on responsible, trackable recycling. The release of the v3 updated standard was discussed and referred to often: who should be certified, how to get certified, when to get certified and the consequences of no certification. The overall message was that R2v3 was developed using many stakeholders to be a thoughtful and flexible standard designed to build trust while closing loopholes in the previous standard. The primary goal is reuse instead of recycling by extending the life of a product.
R2v3 is important to ITADs whose clients have a growing commitment to an ethical supply chain and end-of-life processing. However, its complexity is creating adoption barriers and lags. At one panel session, every ITAD company on the dais, with the exception of one, had used or engaged an outside consultant to guide them through the R2v3 certification process.
Guardian Data Destruction uses downstream processors that are either Responsible Recycling (“R2”) Standard for Electronics Recyclers or e-Stewards’ Standard for Responsible Recycling and Reuse of Electronic Equipment certified.
2. ESG is popping up in more client-vendor conversations
Without a specific or global definition, ESG (Environmental, Social and Governance) is hard to define and a bit nebulous. So, when customers are asking for your ESG approach or documentation, what’s the right answer and why are they asking?
For ITADs, this is an opportunity to tell your story. It’s the best way to position your focus on IT asset audits, moving data destruction higher in the priority list to extend product life, asset serial number verification, data security, device reuse opportunities to the community via donations or recycling events, as well as eWaste diversion, toxin reductions and co2 emissions. By engaging all C-level stakeholders in disposition decision-making (e.g., understanding why to erase rather than shred hard drives), you’ll be able to develop a process that meets company security through hard drive data destruction while supporting your company and your clients’ overall community, eWaste, emissions, ethics, climate change, circular economy and social responsibility (CSR) goals.
3. Locked devices delay or stop all processing
A common complaint in just about every session (one panelist actually screamed out loud) was what to do with “locked” devices. This includes BIOS/Firmware passwords, cloud management, personal locks (activation) and MDM (mobile device management).
Why is this important? Locked devices cannot be wiped properly, and without effective and guaranteed data destruction, there is no resale value for laptops, computers, servers, phones or wearables. And replacement hard drives in servers and computers are not effective for locked devices either. Once installed, locked devices automatically provision the device as soon as they’re connected to the internet.
Client IT departments have to be involved in the release of all tracked devices as they are scheduled for data destruction before redeployment, refurbishment, remarketing or recycling. There is zero value recovery from a device that is perpetually owned by the original installer.
And, a small side note on small batteries. Devices with tiny lithium-ion batteries that need shredding have to be de-batteried. Without removal, fire, explosions and equipment damage are inevitable. ITADs should be prepared to work with their clients to establish a process for removing batteries and screens from tablets, handheld POS devices, kiosks, cell phones and wearables.
4. Clients do not understand modern wiping (erasure) standards
Amazingly, clients are still requesting a DoD wipe of their hard drives because they believe that a 3-pass wipe must be better than a 1-pass. And, if it’s good enough for the Department of Defense, surely it must be the better solution. Here’s the reality of modern disk erasure standards:
The DoD 5220.22-M 3-pass wipe standard is based on 1996 hard drive technology and was last updated in 2006. These “ancient” hard drives needed more wipe passes to ensure that the data was overwritten. Obviously, technology has changed significantly in over fifteen years.
NIST (National Institute for Standards and Technology) 800-88, originally released in 2006 and revised in 2014, considers newer and more varied media storage including magnetic, flash and other technologies. A 1-pass NIST wipe works on solid state HDDs, PCIe HDDs and embedded HDDs such as the M1 chip in an Apple laptop
So, if a client asks for a 3-pass wipe, it’s not overkill. It’s simply not effective with newer technology. In these cases, ITADs should bring in a data destruction expert who can look at the media, assess risk tolerance and then recommend the best method of data destruction: factory reset, erase (clear or purge), destroy (shred, degauss or mutilate). If you have application questions about appropriate erasure for hard drives, contact us or browse these Resource Center articles.
5. The Chain of custody breadcrumb trail is not optional
More and more companies want file-able paper or digital proof that their vendors did what they were paid to do. For ITADs, this means an increased emphasis on chain of custody, asset transfer forms, validation audits for data destruction, secure transport, certificates of data destruction (shred, degauss or erasure) and certificates of recycling. If they’re audited or there is a data breach, you can bet that their IT staff, legal team and brand marketing are going to want that trail of evidence pronto.
Download a sample set of Chain of Custody documentation
6. Right to repair is good – if you know what you’re doing
Essential to ESG importance is the reuse of as much as possible. The new R2v3 standard promotes reuse and a goal of zero waste. These objectives are nearly impossible without the right to repair. The question is who should be doing the repair? ITAD Summit had multiple session and booth discussions on how to safely provide electronic IT equipment repair and replacement services – especially when working with volatile batteries.
7. Staffing shortages are affecting turnaround and service breadth
With the return to work happening just after “the great retirement” following COVID, staffing is a big challenge for all levels of experience. Conversations in the booths and on the conference stage discussed
- employee retention – how to keep existing staff with recognition programs, gas/grocery card rewards, added work-life balance options and employee-selected charitable giving
- outsourcing to fulfill portions of projects rather than give up the complete project opportunity
- outsourcing for the development of new initiates like ESG or R2v3 certification
- expanding partnerships to include international business opportunities and specialty services
- developing CDL driver training programs that include pay during training and service-length bonuses
- software automation of records, tracking and projects to improve processes and substitute for unfilled positions
If you were unable to attend ITAD Summit 2022, we hope that this list is helpful to you. And, if you were there, let us know if there is a big conversation topic that we missed!
More learning resources
We’re focused on helping customers seal off opportunities for malicious, unauthorized data breaches.
- Asset Checklist for your IT Risk Management Plan
- How IT Asset Managers can Prevent Data Breaches (a recorded IAITAM 2022 session)
- 30 common places your company data is stored (and waiting for a breach).
Don’t leave a shred of data behind. Sign up to receive data destruction news.
Talk to us about your needs and concerns. If you like forms, contact Guardian here. Or give us a call at 888-556-9473. We can give you helpful advice or refer you to a local ITAD or VAR.