Do You Really Know Where Your Disposed Data Winds Up?

As newer and better electronics hit the market, the question of what to do with the old ones is crucial. In this three-part series, electronics recycling expert Joseph Yob explores how thoughtful e-recycling processes can preserve the environment, protect your sensitive data, and utilize sustainable green technology.

The dawn of the digital age was not unlike that of the Wild West. Information and data ran amuck, riding lawlessly across the uncharted Internet into new social media platforms, blogs, news channels and websites. These reckless ways built poor habits and lax security systems that are only beginning to be righted. However, the past several years have seen an influx of discussion and legislation surrounding data security, and everyone from global corporations to college students have recognized the importance of policing their own information, online presence and data sprinkled across hard drives and memory-containing electronic devices.

Current laws related to the safe handling of information are numerous and demand strict attention from publicly traded companies and private organizations alike. Corporate liability, identity theft, medical records and intellectual trade secrets are all sensitive information that by and large are stored on computers, electronic devices, and online databases. Several security breaches have drawn media attention of late, such as those at Home Depot, Target and Neiman Marcus Group, and the growth of cyber risk and data breaches have increased by more than 20 percent over last year, according to Business Insurance magazine.

By law, companies are required to maintain certain records and to avoid unauthorized disclosure, corruption, and loss of data. Failure to do so can lead to legal actions and scandals, not to mention loss of profits, customers, and reputation. One element that is often neglected is how to safely dispose of old computers, laptops and other data-containing electronic devices.

The Environmental Protection Agency estimates that up to 80 percent of end-of-life electronics given to recyclers today ends up landfilled, re-sold, or shipped overseas, which places the sensitive information contained in that equipment at risk for retrieval. Children in impoverished countries have even proven themselves remarkably adept at retrieving information from discarded hard drives – restoring bank records, photographs and private records of all kinds.

Regardless of what you may have been told, there is no safe or secure way to fully wipe or erase your electronic data. Anything short of shredding or physical destruction puts your data, your company, and your employees at risk. It is important to make sure that your electronics recycler is a processor, not an exporter, re-seller or asset manager. Make sure to do your research and “follow the truck,” so you can make sure your data is protected and do not end up contributing to the widespread environmental problems resulting from substandard recycling processes.

Ensuring that your corporation, community organization or school is taking the best precautions in protecting electronic data is imperative. As a longtime member of the electronics recycling industry, I recommend that you follow these three steps to keep your company, consumers, and brand protected:

Get competent professional help. You can’t manage what you can’t measure, so the first step in protecting your privacy and preventing liability is to seek competent advice from a data security professional. See what the professional can find. How are your company’s personnel files and sensitive records stored? What is your current process for discarding end-of-life computers and electronic equipment? Do you know where your information really is?

Perform a risk assessment. Twenty-first century life demands that all businesses – and individuals for that matter – undergo a risk assessment. To protect your information, your identity, and your brand, you first need to know where the danger is and determine your actual worst-case scenario. In what ways are you prepared? In what ways are you vulnerable?

Create and implement a plan. Every corporation, government, school, hospital and store needs to have a plan related to data security, and each plan should address the safe disposal and recycling of your end-of-life electronics. Appoint an operational risk committee, draft a company policy and close all of your loose ends. It is also important to be prepared and have a chain of command in case you do experience a security breach. Good news should travel fast, but bad news must travel faster in order to repair any damage and protect your brand.

While no one can predict the next computer virus or security hack that may affect businesses or individuals, everyone can protect themselves by consulting a professional, assessing their own risk, and establishing a plan. One of the simplest ways to avoid liability is to securely dispose of your end-of-life electronic devices. Never discard your old hard drives or memory-containing electronics without knowing who is recycling your products, and how their operation works.

Joseph Yob’s first article in this  series can be found at www.corpmagazine.com/technology/green/toxic-tech-environmental-risks-from-old-electronics/.