A New Approach to IT Asset Disposal

CIO Review Europe | Wednesday, June 29, 2022

Rethinking IT Asset Disposition (ITAD) and making it more top of mind is critical as product cycles shorten, technology evolves at a faster pace, and more companies turn to cloud services.

FREMONT, CA: According to the UN, humans produce over 53 million tonnes of electronic garbage or e-waste annually, and by 2050, that number is expected to have more than doubled. E-waste is now the waste stream with the fastest rate of growth worldwide. IT is now a significant contributor to our environmental footprint, not just in terms of energy use but also in terms of the gear itself. Heavy metals (including mercury, lead, cadmium, and others) can leak from these devices and enter the environment, posing a variety of problems. E-waste also raises urgent legal and security concerns. A total of about 25 states, plus the District of Columbia, have passed legislation mandating some amount of electronic waste recycling and establishing fines for violations. To attain a 70 per cent recycling rate, Ontario, Canada, has begun implementing new e-waste legislation. Additionally, several data privacy and protection rules and regulations, including international law, have a significant impact on the disposition of IT assets. According to the severity and circumstances of the breach, companies subject to the General Data Protection Regulation (GDPR) may be subject to hefty fines of up to 20 million Euros, or four per cent of annual global revenue.

Typical ITAD missteps

1. Oversimplifying: Many firms consider properly disposing of outdated IT hardware to be a simple process—just clean the equipment off and have it carted away. However, it's not quite that easy. Wiping, shredding, and degaussing are intricate processes that call for tried-and-true methods and effective operations. Even after deletion, formatting, or reset, the data can remain on the device. The risk of a data leak still exists if the data is not adequately sanitised or the media is not securely destroyed.

2. Leaving ITAD to do it: IT department may or may not have the necessary skill sets for the technical, legal, logistical, and administrative requirements of disposing of IT equipment safely and securely, including:

• Coordinating with the departments and individuals who depend on the data and the end-of-life devices.

• Putting in place the precise steps required to completely wipe any existing data.

• Evaluating the accuracy of the chain of custody (recording who had access to the devices and when).

• Examining a third-party provider's environmental and data security credentials.

There is no denying that IT is involved, but so are other administrators, departments, and senior management.

3. Underestimating legal liability: The rules and laws controlling e-waste are expanding along with it, as are the penalties for breaking them. A recent USD 60 million fine was imposed on one financial services business for improperly managing the decommissioning of two data centres. Companies also need to be concerned with laws and regulations that apply to all types of garbage, not only e-waste. As mentioned above, e-waste is also governed by HIPAA, the MEGABYTE Act, and Sarbanes-Oxley in addition to industry standards like PCI-DSS, state privacy laws like the California Consumer Privacy Act (CCPA), and federal regulations like the GDPR (SOX).

Read Also

follow on linkedin follow on twitter

Copyright © 2022 CIOReviewEurope. All rights reserved.         Contact         |         Subscribe