Properly recycling or disposing of your unused or outdated electronic equipment does come with a nominal cost, but simply throwing old IT devices in the garbage to avoid paying that fee can come at an even bigger price including damage to your company’s brand.
Think about damaging headlines you have read or heard about: multinational companies fined tens of millions of dollars because they were found guilty of illegally disposing of electronic equipment or others neglecting to wipe former owners’ sensitive data from retired devices… only for that information to wind up in the wrong hands and for the companies’ brands to be tarnished.
This begs the question, when decommissioning your company’s old IT assets, are you willing to put your organization’s reputation at risk?
There are many companies who offer IT asset disposition (ITAD), but they don’t all do it the same way. When working with an ITAD provider, you want to make sure that you are receiving the most thorough and trustworthy wipe or shred of the asset, not just the cheapest.
Sure, saving money is important, but saving money by working with a company that cuts corners or by trying to do ITAD yourself can end up costing your company a lot of money, including a damaged brand reputation.
Imagine this scenario.
You no longer need a laptop computer that a now-retired employee had used for a few years. You take the laptop to a local mom-and-pop ITAD provider that you use because they are the cheapest. The company says that they completely wiped the hard drive and will be putting the computer up for sale since it is still in good working condition.
What you don’t know is that the shop did not do the Department of Defense suggested three-pass wipe. They did one standard wipe which normally would be fine as long as they verified their wipe process. They didn’t. Sensitive, potentially classified, private company material was not completely wiped from your laptop that is now being sold to who knows whom. Your data could be at risk.
If your company’s data is not properly removed off the laptop, the new owner could find that information and now have confidential information that they could either return to you, ignore completely or exploit for their own personal gain.
How about another scenario?
All of your company’s computers are tagged with a label of the company’s name or logo. It might be small, but it’s there. This time, you work with a company who does the recommended three-pass wipe, but they overlook the aforementioned label.
Your former laptop is again sold to an individual who, when the laptop slows down, stops working or is no longer needed, throws the laptop in the trash which ends up in a landfill. Now this laptop can be seeping hazardous materials into the ground.
Someone at the landfill finds the laptop and notices that your company’s name is still on the laptop. Even though you were not the one to throw the laptop in the garbage, your company will be the one taking the blame for this improper disposal.
In the first scenario, some consequences for your company could be a data or security breach that could impact your company as a whole. While in the second scenario, you could lose credibility as a responsible company and even be hit with severe fines, even if your company was not actually the one to throw the assets in the trash.
Does your company have millions of dollars to risk using the incorrect ITAD provider?
Protect Your Brand
When it comes time to focus on ITAD, make sure that you are working with a trusted partner who is going to help protect your brand. Working with companies that have or are working toward the ISO 9001 and ISO 14000 certifications for quality management standards and environmental management respectively helps to ensure that your devices that need to be destroyed are done so in the safest way for your company and the environment.
Providers should follow either the Department of Defense 5220.22M procedures and provide a level of protection your deserve or NIST Special Publication 800-88 guidelines for media sanitation. This means your data will be completely eradicated using methods to ensure complete data sanitization.
If you prefer 100 percent guarantee that your data is destroyed and unrecoverable, good ITAD partners will offer both on-site and off-site shredding services to give you peace-of-mind. And to go even further, when you do choose an ITAD provider, insist on doing an in-person audit of the provider. A reputable provider will often insist on an audit. If they do not insist, ask to do one. If the provider is as reputable as they say, they will not decline your request.
How secure are your ITAD procedures? Take our ITAD quiz to find out. Share your results in the comments.