Why data security is a big part of the recycling process

Sims Lifecycle Services (SLS) plays a critical role in helping businesses and data centres manage the profound shifts in how and where technology is managed. As a worldwide leader in IT asset and cloud infrastructure reuse, redeployment and recycling, SLS offers IT asset disposition (ITAD) and e-waste recycling solutions for businesses.

In today’s digital world, are there any electronics that do not store, access, process or back up data?

‘Regardless of its function, most electronics manage data in some way whether on a hard drive, USB flash drive or memory card. While this is not a new concept when managing equipment in its live environment, it is often overlooked when it comes to responsible IT asset disposal. In fact, a report from Deloitte found 33% of IT executives reported having little or no formal IT governance policies in place. 

If you are not already considering data security in your electronics recycling plan, it would be best to prioritise it now. Reports show the global average cost of a data breach to be US$ 3.86 million (EUR 3.53 million, up 6.4% from the year before, and with no signs of lessening. Why would you not want to take every precaution to try to prevent a data breach?

While data breaches often occur when network security is bypassed remotely, physical attempts to steal local files are also commonplace. Physical data theft attempts can occur whether devices are in use or have been collected for recycling. There are several areas throughout the e-recycling process where, without adequate security protocols in place, items and data can be at risk.’

What are among the most stolen types?

‘When it comes to cargo theft specifically, electronics are among the top six commodities globally. Two-thirds (66%) of these thefts happen while a cargo is in transit with 11% occurring in the warehouse. Electronics recyclers today have to consider how they will help transport equipment back to their facility securely, how to maintain security of the equipment once it arrives and again when it is prepared for further processing.’

What is the first step of recycling?

‘Many businesses choose reuse of their replaced or retired IT equipment as an option to deliver the most returned value. A qualified and experienced IT asset disposal (ITAD) vendor can present you with an opportunity for a new revenue stream and the process alone helps minimise your overall environmental impact.

It is recommended you use an appropriate partner when considering reuse of equipment. If the recycling vendor is also managing the reuse of equipment, look into the data wiping and erasure services they provide to ensure they are performed appropriately.

For example, the National Association of Information Destruction (NAID) conducted a study regarding devices resold in “regular commerce channels” and found that 40% still contained personally identifiable information. Here is some information to reference when vetting your ITAD provider’s reuse process:

Irresponsible recycling can increase physical data threats

The process of e-recycling involves the collection, testing/tracking, re-marketing and final disposition and recycling of materials. Depending on what condition the IT assets are in upon collection, data may remain on storage devices.

When working with a legitimate recycler, there will be some sort of mechanical operation and infrastructure in place to dismantle devices, separate their components (including removal of any hazardous waste) and shred materials into different sorts. Once shredded, the material is again separated and commodities of value are sent to downstream recyclers and refineries for reuse. These refined commodities are then sold to manufacturers to be made into new products.

There have been some circumstances, however, where these steps were not taken and devices have ended up dumped in developing countries. When this happens, it not only becomes an environmental disaster, as well as a PR nightmare, but can also leave you at risk of data exposure.

In some cases, data can be retrieved from hard drives shredded for recycling

Believe it or not, if somebody really wanted to try to retrieve data from a shredded hard drive, there are ways they could attempt to rebuild the data from the shredded pieces. While this is very unlikely, it is possible given sufficient motive.

For this reason, taking extra effort when considering data destruction services may go a long way to protecting you in the end. Considerations for ensuring data destruction might include:

• Erasing data (via degaussing or wiping) prior to shredding
• Witnessing data removal and destruction processes
• Reviewing security standards implemented and maintained by your recycler or data destruction vendor

The top security standards that vendors around the world may hold include:

• National Association for Information Destruction (NAID) AAA Certification – Global – secure data destruction industry’s standards setting and oversight body.
• Transported asset protection association (TAPA) – North America – freight security requirements standard.
• Information Security Management System (ISO 27001) – Global – relates to the recycling of e-waste, asset management involving secure data eradication and the repair and reuse of electrical and electronic equipment.
• Assured Service (Sanitisation) scheme (CAS-S) – United Kingdom – scheme offered by National Cyber Security Centre for companies wishing to provide sanitisation services to owners of highly classified Government data.

Electronics recycling is viewed from an environmental perspective as preserving resources and minimising waste but, as you can see, these services can provide much more value than that. It is recommended to take your IT asset disposal and electronics recycling programme seriously and consider all security aspects of the process as well as ensuring your company data, brand and liability are protected.’

Find out more >>