IT Asset Disposal (ITAD) Comes With a Risk That Few Think About But Should

It seems that a data breach is announced every day. In 2020 alone, media has already shared news of breaches affecting Microsoft, clothing retailer Hanna Andersson, Landry’s restaurant group, Health Share of Oregon, Estee Lauder, MGM, and several others. These breaches are linked to employee theft, unprotected databases, and malware installed on point-of-sale systems.

The sale of private data is a booming dark web business. People around the world are eager to get their hands on the private information of an individual or business. SSNs, bank account information, payroll information, trade secrets, and other classified information is highly sought after. When a company or individual disposes of their electronic devices like laptops, printers, fax machines, copiers, etc. this information can fall into the wrong hands. You have to trust that the company processing your e-waste does so in a responsible many. Most do, but there are outliers and that’s where there is some risk of theft.

Technology and Electronics Have a Strong Footing in Other Countries

Other countries have invested in U.S. manufacturing and technology. You have companies like Tianjin Sheng Xin Non-Financing Guarantee Company that invested heavily in turning shuttered textile factories in the Carolinas into recycling facilities. They purchase electronics from major corporations and schools in order to destroy data and recycle them.

Ingram Micro was purchased by a Chinese company in 2016. One of the things Ingram Micro’s new owners did was to expand into global ITAD and build new facilities. Experts worry that as more companies start handing over outdated electronics to foreign companies, they may not be processed following U.S. laws. China is about to launch a new program that stops the use of VPNs and encryption on any Chinese network or servers. There will be no exceptions, and that opens the door to the possibility of theft. That’s one area where companies need to start considering as possible avenues for data breaches and theft.

Reselling Retired Electronics

Many of today’s e-waste processing firms are honest. There are a few who promise one thing and deliver another. Total Reclaim was fined half a million dollars by the State of Oregon after it was discovered they were selling electronics they were paid to destroy responsibly. Instead, those items were sold to a company in Hong Kong. The owners were sentenced to just over two years in prison and three years of supervised release after that.

Total Reclaim is not the only company to get caught. Intercon Solutions was charged with fraud and tax evasion in 2016. The owner also received a three-year prison sentence and fines of $1.28 million. It was found that instead of destroying and recycling the electronics the company received, it faked ITAD certificates that were given to customers and items were sold to other companies or dumped in landfills.

Once the electronics are in another company’s hands, you don’t know what they will do with them. They could sell them to others. They may attempt to recover the data and turn to the dark web to sell confidential information. People don’t think of that form of data theft when they’re trying to be responsible and recycle electronics, but it can happen if you’re not careful choosing your ITAD provider. There’s one question you have to ask before you hire a company for your ITAD and data destruction needs.

Always Ask Where IT Assets Go

Ask where any electronic devices are processed. Specifically, ask if the electronic recycling company processes all electronics at their location or if they send them to another company. There’s a risk that comes from not knowing exactly where your electronics end up. You need to know that the items are properly disposed of in a way that protects your information and the environment at the same time.

There are three certifications you want your ITAD provider to have. If they don’t or won’t show you the certificates, move on. You must get upfront answers from the company you chose to handle your ITAD services.

  • e-Stewards: One key goal of e-Stewards is to ensure that any company holding this certification does not ship any electronics out of North America. E-waste recyclers and ITAD companies must process items in the country and using methods that help the environment.
  • NAID AAA: With NAID AAA Certification, a company promises to be compliant with all data protection laws set forth by the International Secure Information Governance and Management Association (i-SIGMA).
  • R2: R2 certification offers assurances that a company is doing everything to keep employees safe and recycles and repairs electronics following strict criteria that are documented every step of the way.

ERI Direct is a leader in ITAD. We do not ship anything overseas. When you choose our services, you can track where your electronics are through our MyTrackTech software. We also offer the chance to watch your electronics destroyed. With eight locations across the U.S., we serve every corner of the nation.

We go through dozens of planned and surprise audits every year to ensure we are compliant with the standards set forth by firms like e-Stewards, NAID AAA, and R2. We make sure your electronics are destroyed, sanitized, and recycled in the most responsible, secure way possible. Give us a call to discuss your ITAD needs.