Why ITAD Is the Most Overlooked Security Issue

The International Data Corporation (IDC) estimates that companies will spend over $100 billion on cybersecurity initiatives by the year 2020. The researchers who came to this conclusion believe that companies will be willing to invest more in cybersecurity than ever before due to the increase in data breach incidents over the last several years. Researchers think many companies are finally starting to realize that they could be next, so they are more open to committing financial resources to protecting their data.

But, these companies could still be affected by data breaches in the future even if they do heavily invest in cybersecurity over the next few years. Why? They may not be investing wisely. Experts believe that companies are overlooking an important cybersecurity issue: IT asset disposition (ITAD).

What is ITAD?

Every company should have an ITAD plan in place. This plan should outline how the company will responsibly dispose of IT assets that are no longer wanted or needed within the organization. The plan should involve disposing of assets in an eco-friendly manner and also destroying the data stored on the devices to ensure it does not fall into the wrong hands.

Why Do Companies Overlook ITAD?

There are many possible reasons why companies overlook ITAD when discussing how to protect their sensitive data. Some experts believe it is because decision makers continue to invest in cybersecurity strategies that were effective in the past. But, these decision makers need to realize that the strategies that worked in the past will not necessarily prevent data breaches in the future. Data security strategies must evolve with the changing times.

This theory could be true, but many other experts believe companies overlook ITAD for a completely different reason. Most companies trust professional e-waste recyclers to dispose of IT assets that are no longer wanted or needed. These e-waste recyclers typically visit the company to pick up the assets and transport them back to the recycling facility for processing. Experts believe that some companies are under the impression that it is no longer their responsibility to protect data once the devices have been handed off to an e-waste recycler. If this is what the decision makers within a company believe, it makes sense that the company would not pay much attention to their ITAD strategy. But, it’s important for companies to understand that it is their responsibility to protect the sensitive data they obtain from customers even when it is in the possession of an e-waste recycler.

The Consequences of An E-Waste Recycler Data Breach

Your company will face consequences if your customers’ information is compromised while in the hands of your e-waste recycler. Many of the affected customers may not understand the details of how the data breach occurred, so they may not realize that it is not your company’s fault that their data was stolen. As a result, these customers could lose trust in your company and even switch to a competitor that will do a better job of protecting their information. 

Public backlash isn’t the only consequence that companies could face after a data breach involving their e-waste recycler. These companies could also face massive fines thanks to the more than 550 laws in the U.S. that regulate how businesses protect data and dispose of IT assets.

For example, Virtua Medical Group was forced to pay a $418,000 fine after a data breach involving a third party vendor. The government found that Virtua Medical Group violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to protect patient data. Even though the breach occurred as a result of a third party vendor’s mistake, the government still held Virtua Medical Group responsible.

Make no mistake–your company will face backlash and possible legal penalties for a data breach involving your e-waste recycler. For this reason, it is important for companies to stop overlooking ITAD and start paying attention to how their e-waste recycler protects sensitive data.

How to Ensure An E-Waste Recycler Will Protect Data

Avoid these consequences–and protect your customers’ data–by choosing a reliable e-waste recycler that is committed to data security. First, ask about the e-waste recycler’s certifications. It is best to choose an e-waste recycler that has the National Association for Information Destruction (NAID) AAA Certification. This certification is only given to the most trustworthy and respectable e-waste recyclers. Plus, the NAID certification is only awarded to recyclers that have proven that sensitive data is secure at all times within the facility. Recyclers must also prove that they completely destroy all data when processing devices in order to obtain this certification. If you can find an e-waste recycler that has been certified by the NAID, you can rest assured knowing that they will keep your data secure.

You should also make it a priority to work with a recycler that provides proof of data destruction. At ERI, clients are welcome to watch a live video feed of their data being destroyed so they don’t worry about whether or not it is secure. We also send clients certificates of recycling and data destruction to confirm that the devices have been completely processed. Having these official certificates makes it easier for clients to update their inventory and keep a record of the items that have been destroyed.  


Make sure your sensitive data is safe by trusting ERI, the largest recycler of electronic waste in the world. ERI has electronic recycling facilities in California, North Carolina, Washington, Colorado, Indiana, Massachusetts, and Texas. Every year, our facilities process over 250 million pounds of electronic waste for clients in a variety of different industries. For more information on recycling electronics, or to request a quote from ERI, contact us today.