Around the world, there were around 16 billion mobile phones, and 5.3 billion of them were expected to become e-waste. That’s just cell phones. They’re the fourth most common type of e-waste that ends up in a drawer, closet, or storage area and is forgotten. More concerning is that some end up in the trash where the metals can leach into the ground, and batteries can cause fires.
Computers, networking equipment, printers, copiers, scanners, and tablets are just a handful of electronics used in a business that can contain sensitive information. Even if you restore a device to factory settings, that only removes the pathway to the information, it doesn’t delete it. Someone with enough knowledge could retrieve the information on that device.
As a business owner, you have a responsibility to protect your employees’, customers’, clients’, or shareholders’ data. Failure to do so could become very costly. Protecting data isn’t something you only have to focus on when using a device, how you handle e-waste is especially important.
The Cost of Disposing of e-Waste Incorrectly
There’s a “Disposal Rule” in place, and that requires many companies to make sure personally identifiable information (PII) is properly removed from hard drives and other digital devices and that paperwork is shredded or burned. All of these organizations or businesses must comply with this rule:
- Attorneys
- Auto dealerships
- Consumer reporting companies
- Debt collectors
- Employers
- Financial companies (banks, credit unions, lenders, mortgage brokers, etc.)
- Government agencies
- Insurers
- Landlords
- Private investigators
Financial institutions and healthcare organizations have other privacy rules that also must be followed. This includes the Gramm-Leach-Bliley Safeguard Rule and HIPAA. Violations of the Disposal Rule can be as high as $3,500 per violation.
HIPAA violations are even more expensive with initial fines of up to $50,000 per violation. Willful neglect can lead to yearly fines of up to $250,000 with HIPAA.
One of the biggest, and most well-known, fines happened when Morgan Stanley attempted to save money using a less expensive moving company for a data center decommissioning project. The e-waste wasn’t properly disposed of and data wasn’t wiped before the hard drives were sold online. The company was fined $60 million in 2020 and another $35 million two years later.
They’re not alone. Back in 2017, a Florida news station purchased four computers from sites like Craigslist and eBay. One of the computers had been securely wiped, but two computers from an area police department hadn’t been wiped. Another computer was a home office computer and nothing had been done to it. The technician the station worked with was able to pull up tax forms including the full SSNs, client information, photos, and emails.
Journalism students purchased several hard drives from an African open-air market. One of the hard drives that cost them $40 contained files related to a multi-million U.S. defense contract and included information from Homeland Security, the contractor, and the Pentagon. It’s believed the hard drive may have been stolen from the vendor, but there are additional questions as to how the e-waste ended up in Africa.
What Should You Do to Ensure Data Is Destroyed?
Don’t try to sell old office equipment on your own. You have to make sure the data is destroyed, and that often requires specific software or degaussing expertise. Degaussing (magnets) doesn’t work for everything. Software like DBAN (Boot & Nuke) is more secure. It is an open-source program that continually overwrites random strings of numbers until the data is gone.
DBAN isn’t enough for a business. It’s only designed for personal use as it doesn’t meet NIST 800-88, you do not have a certificate of destruction, and it doesn’t securely erase SSD. Even a small business owner shouldn’t rely on DBAN. It’s best to work with an ITAD professional.
For data destruction, erasing, wiping, and degaussing are options, but nothing is more effective than shredding e-waste. It’s the preferred option per the NIST 800-88 Guidelines that recommend “Clear, Purge, Destroy.”
Think of shredding as a giant paper shredder, only this shredder is designed to take electronics and shred them into small pieces. Glass, plastic, and metal components are sorted and put onto pallets for further processing. Here are just a few of the ways a shredded computer is used.
- Aluminum – Turned into aluminum foil or beverage and food cans
- Copper – Reused for copper piping and wiring and jewelry
- Glass – Crushed and mixed with asphalt for roads or ceramic tiles (leaded/CRT) or new sheets of glass (non-leaded)
- Plastic – Ground and mixed with asphalt to fill potholes or to make items like phone cases and computer parts
- Steel – Used to make metal framings in cars or construction beams
You may find there is still value in the devices you have. While a two-year-old computer is no longer valuable to your company, it could make a big difference to a low-income family or start-up. Recouping that value is important, so it’s best to work with an ITAD specialist with expertise in the government’s guidelines.
When you work with an expert, you’ll have a certificate proving data destruction measures were followed. It can provide you with peace of mind that you did everything right. Make sure the expert you chose is an NAID-certified ITAD provider. You also want an e-Stewards certified company.
With e-Stewards you have the assurance that the ITAD vendor does not ship outside of the U.S. for processing. The standard was created by the Basel Action Network to prevent e-waste from going to poor countries for processing.
ERI has facilities across the U.S., and is not only NAID certified, but also R2, e-Stewards, AICPA SOC 2, and ISO 9001, 14001, and 45001. With facilities in every region, your e-waste is shipped securely to the nearest facility. Plus, we can come to your business and destroy data before it even leaves your location. We offer multiple levels of data destruction.
- NIST 800-88 Rev1 Standard Data Destruction – Suitable for most businesses and organizations
- Enhanced data destruction – Provides TSA-certified drivers, lock boxes, and video verification
- High security/observed data destruction – Clients escort their e-waste into the facility and all devices are processed by high-security staff
- On-site data destruction and shredding – Data shredding or data destruction services are completed at your plant or building
- Demilitarization services – The highest possible level for government agencies and contractors with a government agency representative escorting the devices into the facility and personally witnessing the data destruction
Our Optech portal provides real-time tracking of your e-waste, so you always know exactly where things are and what stage of processing your devices are at. Talk to us about your e-waste recycling and data destruction needs and we’ll help you recover any value and make sure data is destroyed properly.