IT asset disposition (ITAD) plans outline how an organization such as a government agency will dispose of outdated or unneeded electronic devices in a responsible manner. This includes recycling electronic devices in a way that does not harm the environment and completely destroying the data that is stored on these devices so it cannot be read or recreated.
Every city, county, state, and federal government agency gathers and stores sensitive data. Because of the sensitive nature of this data, it is important for government agencies to implement and follow an ITAD plan. This is especially true given the number of recent data breaches that have affected government agencies.
Data Breaches Involving Government Agencies
A number of data breaches involving government agencies have made headlines over the last several years. Last year, the Internal Revenue Service (IRS) announced that its Data Retrieval Tool used by college students in need of financial aid was breached. It was estimated that information from over 100,000 students was compromised during this breach.
The Securities and Exchange Commission (SEC) database was also breached last year. Countless records containing corporate and financial data were stolen, and many believe that this information could be taken advantage of by stock traders.
Data that was stored on the U.S. Army Intelligence and Security Command (INSCOM) was also breached in 2017. INSCOM is home to incredibly sensitive information, including software that is used for classified communication. These are just several examples of how government agencies have been affected by data breaches in the last several years. Other agencies that have been targeted include the United States Navy, Election Assistance Commission, Department of Defense, and the Department of Energy.
ITAD Services for Government Agencies
Destroying data and disposing of electronic devices is incredibly difficult, which is why government agencies cannot handle these tasks internally. Instead, they work with third party vendors that provide these services. Therefore, the key to establishing an effective ITAD plan is partnering with a reliable e-waste recycler and ITAD vendor. But, choosing a reliable vendor is not as easy as it may seem.
It’s important to find an e-waste recycler and ITAD vendor with the proper certifications. Ideally, the vendor you partner with should have the e-Stewards certification, which is considered the most sought after certification within this industry. This certification is only awarded to recyclers that have proven that they process electronic waste responsibly. If you work with a e-Stewards-certified vendor, there’s no need to worry that your electronic devices will eventually end up leaking toxic chemicals in a landfill.
Another important accolade is the National Association of Information Destruction (NAID) AAA certification. ITAD vendors cannot obtain this certification without proving that they are committed to protecting sensitive data through every step of the e-waste recycling process. Vendors must also prove that their data destruction methods are in line with industry standards, which means data cannot be read or reconstructed.
You should also look for an e-waste recycler that provides proof of data destruction. At ERI, we allow our clients to watch a live video feed of their data being destroyed. Watching this video helps them rest easy knowing their data has not fallen into the wrong hands. We also provide our clients with certificates of destruction once their e-waste has been processed. Clients can keep these documents as proof that they followed the proper protocol when disposing of IT assets.
Finally, look for an e-waste recycler and ITAD vendor that has a data breach response plan in place. Data breaches rarely affect reliable vendors, however in the unlikely event that a breach does occur, it’s important that the vendor has a plan in place so they can limit the damage and notify affected parties as soon as possible. If you choose a vendor without a data breach response plan, the public could find out about the breach before your agency does.
Other Items to Include in ITAD Plans For Government Agencies
Choosing the right e-waste recycler and ITAD vendor is a major part of creating an ITAD plan. But, there are other items that need to be included in ITAD plans for government agencies. Every government agency needs to have a system in place that allows them to track every IT asset from the moment it is acquired until it has been destroyed. Failing to implement an inventory management system puts your agency at a greater risk of being affected by a data breach.
You will also need to establish a plan for transporting retired IT assets from your facility to the vendor’s recycling facility. Many vendors offer on-site pick-up services, which is convenient for clients. However, if you choose this option, it’s important to store the retired IT assets in a safe location until they are picked up and transported to the recycling facility for destruction. The room that these assets are kept in should only be accessible to certain individuals to reduce the risk of theft.
Government agencies need to ensure that everyone who is involved in IT asset management is on-board with the ITAD plan. Informing everyone of their roles and responsibilities reduces the risk of data breaches caused by errors or misunderstandings. Get these team members involved in the creation of the ITAD plan so everyone is on the same page.
ERI is the leading e-waste recycler, with multiple recycling facilities throughout the country. We are committed to recycling and reusing e-waste in a responsible manner. We work with clients in various industries, including government, finance, healthcare, and technology. These clients not only trust us to responsibly recycle their devices, but also to destroy their sensitive data. For more information on recycling your electronics, or to request a quote for your company, contact us today.