End-Of-Life IT Asset Management: Proper Disposal is Key to Maximum Value Recovery with Minimal Risk….
Every business, organization and individual buys IT equipment, normally as an upgrade. Leaving consumers aside, businesses and organizations have two responsibilities: to dispose of any redundant IT Assets according to environmental regulations and other relevant laws, to remove any data that may have been stored on that equipment to comply with the Data Protection Act as well as any other industry-specific legal requirements.
This is a hassle. Everyone is much more excited by the new stuff, how to buy it, how to install it and set it up, and about training people to use it and so forth. It’s new, it’s shiny and we all like new toys. Removing the old stuff is not so exciting. So the task is normally delegated.
When it comes to removal of Old IT Assets, three things are most worrisome: By far the most worrying is simple ignorance. Even though those in charge of disposal are highly technical people , but even large businesses fall foul of the odd calamitous data breach.
The EPA has some cursory advice which could be summarized as “get help” and along with the environmental, data breach laws that threaten companies with decapitation and public ignominy if they screw up, but there is much more legislation out there than education for those who risk falling foul of those laws.
Second is apathy. A lot of people responsible for IT asset disposal (ITAD) assume the bad things won’t happen and that they won’t get caught cutting some corners, saving some money and hassle. They may suffer from a little ignorance too, but basically these are the guys who will risk a second pint before driving home.
Finally, we have suspicion. These are the guys who suffer from a little ignorance and apathy but crown it all by reminding themselves that they paid a load of cash for their stuff and they therefore refuse to believe they may have to pay to remove it from their premises.
The result of these three things are either evident on the Data Breach Hall of shame, or they are filling that old storeroom at the back of the office, increasing Total Cost of Ownership, adding on to company overheads.
The Blumberg Advisory Group’s 2014 ITAD Trends Report shows that data security is the number one reason why companies implement an IT asset disposition (ITAD) strategy. That companies are concerned about data security is no surprise. Ongoing media reports have not only focused on data breaches, but have also highlighted examples of sensitive data being found on retired assets. The costs associated with data breaches and with the improper disposal of IT assets are great. They include financial implications such as penalties as well as the loss of customer loyalty and reputation. To mitigate risk, asset recovery management is critical to companies operating in today’s global supply chain.
Data security is viewed as an important piece of asset recovery management
Ninety-nine percent of companies surveyed by the Blumberg Advisory Group reported that “concern about data security” is either “very important” or “extremely important” with respect to motivating the creation of their current end-of-life IT disposition strategy. Other important factors include: commitment to “Green” businesses and IT practices, mitigating legal and financial risks, and redeploying assets to reduce costs (Table 1).
Good ITAD is simple. On the environmental side, it is about sustainability. Extending the life cycle of any piece of kit is best practice, because some 80 per cent of the harm is caused during manufacture. So good service providers work hard to remarket whatever they collect. Most of it is worth peanuts but some things are worth a lot, and in those cases revenue obtained should be shared with the previous owner.
We say “shared” because the kit needs cleaning, testing, new software, selling and delivering as well as storing in the meantime. If there is no resale value, it needs to be broken down and recycled. Zero per cent to landfill should be a given.
However, before any of that nice green stuff can happen, we have to deal with the data. In ITAD terms that means managing anything that has a memory – not just computers but mobile phones, fax machines, credit card readers, printers, copiers and tablets.
So when someone offers to collect your pile of clapped-out desktops for free, promising faithfully to do all this stuff, do you take them seriously? Do you ask question if they are certified/audited company or some a brokerage company selling your material to the highest bidder in market, who might be sitting 1000s of miles across in Africa or China!
A lot of people don’t and they risk large fines and a publicity nightmare as a result. This is why we should all be getting together to demand education as well as legislation from the EPA, to avoid data breaches. We need clear, concise best-practice guidelines that give every business, large or small, a fair chance to do the right things. And we need to promote a recognizable industry accreditation that gives everyone more confidence in the suppliers they choose.