Businesses of all sizes own and operate technological devices such as smartphones, tablets, and computers. These devices often contain sensitive data, such as customers’ names, credit card numbers, and other types of personally identifiable information. This information must be kept secure at all times–especially when the devices are no longer being used.
If a device is replaced or no longer needed, it must be disposed of properly to ensure the data stored on it does not fall into the wrong hands. Every business should establish an IT asset disposition (ITAD) plan to outline how IT assets should be handled when they are no longer in use. But unfortunately, many small business owners do not have one of these plans in place. If your small business does not have an ITAD plan, now is the time to create one. Here’s what you’ll need to know:
Check Your Inventory
Before you start putting an ITAD plan together, it’s recommended that you take inventory of your assets. Small businesses are generally not as careful as large businesses when it comes to keeping track of their IT assets. But, this step has to be taken so you know what assets should be covered in the plan.
Although most of a business’s data is stored on smartphones, tablets, and computers, there are plenty of other devices that also contain data. For example, some business owners may be surprised to learn that devices such as printers and fax machines contain a small amount of data. These devices will need to be disposed of in the same manner as smartphones and computers, so don’t forget to keep track of them as well.
Plan How to Manage Inventory
You will need to determine how to manage your IT inventory moving forward. Every IT asset should be tracked beginning the moment it is purchased. You will need to develop a system that allows you to keep tabs on every asset in your possession. The tracking should continue until the asset has been completely destroyed by your e-waste recycler. If you don’t have this system in place, it will be very difficult to keep track of your assets, and more importantly, the data stored on them.
Learn the Laws
Businesses within certain industries must comply with a number of laws when disposing of IT assets. For example, businesses within the healthcare industry must comply with the terms of the Health Insurance Portability and Accountability Act (HIPAA) whereas businesses in the financial industry must comply with the Gramm-Leach Bliley Act (GLB). There are also laws regulating businesses that deal with credit reports and those that accept credit cards. If your business must comply with one of these laws, it’s important to review the ITAD requirements before creating a plan.
For instance, the Fair and Accurate Credit Transactions Act (FACTA) requires that businesses conduct due diligence prior to hiring a third party e-waste recycler. Businesses must also monitor the third party e-waste recycler’s work to ensure they remain compliant at all times. You could be fined if you fail to comply with laws that apply to your business, which is why it’s crucial to learn these laws before writing a plan.
Get Everyone Involved
It’s much easier to collaborate with employees in a small business setting, so take advantage of this when you are creating an ITAD plan. Ask everyone who is involved in the management and use of IT assets for their input. The people who work closely with your IT assets on a daily basis may bring up something that had not crossed your mind yet. Some employees may not know much about ITAD plans, but getting them involved will ensure everyone within the organization is on the same page.
Plan For the Worst
Part of being prepared is planning for the worst case scenario. What if some of your devices go missing as they are being transported to the recycling facility? What if a data breach occurs while your devices are in the possession of the e-waste recycler? Even though it is not likely that these events will take place, it’s best to know how to respond in the event that they do. All of this information should be included within your ITAD plan so it can be quickly referenced when it is needed.
Choose A Reliable E-Waste Recycler
It’s not possible to dispose of e-waste in a responsible manner internally, so you will need to hire a third party vendor for help. But, it’s important to take the time to research e-waste recyclers prior to hiring them so you can ensure the one you partner with is reliable.
The best e-waste recyclers will have both e-Stewards and National Association for Information Destruction (NAID) AAA certifications. The former is a certification given to e-waste recyclers that have demonstrated they are committed to the responsible reuse and recycling of electronic devices. This means they process the e-waste domestically instead of shipping it to a developing country, where it will not be processed in an eco-friendly manner. The e-Stewards certification is only given to recyclers that have also proven they completely destroy the data contained on the processed devices.
The NAID AAA certification is only awarded to e-waste recyclers that can be trusted with your sensitive data. These e-waste recyclers have shown the NAID that they go to great lengths to protect sensitive data throughout the entire recycling process. If an e-waste recycler does not have either one of these certifications, it’s best to cross their name off of your list.
ERI also offers a convenient recycling box program for small businesses looking to dispose of old electronics in smaller quantities. Boxes can be ordered online at Shop.ERIDirect.com.
ERI is the largest recycler of electronic waste in the world, with facilities in California, North Carolina, Washington, Colorado, Indiana, Massachusetts, and Texas. We process over 250 million pounds of e-waste every year for clients of all sizes. For more information on recycling electronics, or to request a quote from ERI, contact us today.