The world is at war with the rising tide of e-waste. Scientists, industrialists, governments and environmentalists – everyone is trying to reduce the impact of e-waste generation, through recycling or reusing the generated electronic waste and do it in an eco-friendly way. While efforts are being made to divert e-waste toxins from landfills for proper disposal, there is yet another issue – improper disposal of e-waste also poses a serious threat to Data Security. Adrian Briscoe, General Manager at Ontrack Data Recovery said “As soon as you lose the physical control of your hard drive, you lose control of your data.” One can only imagine the data security implications once we dump our PCs, laptops, mobile phones and lose control of the data on our devices.
People are not very well aware of the hazards that a data breach can cause. A global analysis done by the Ponemon Institute in 2013 stated that “the average cost of a data breach for US companies is $188 per record.” So, on an average the average cost to a company for 28,765 records was $5,403,644. The 2014 report by the Ponemon Institute found that there was a hike of 15% in the average cost of a data breach for companies rising to $3.5 million.
According to BBC News, when 350 companies were surveyed for Remploy e-cycle, 75% of computers were given away instead of being properly recycled. Of the 75% computers given away, data was erased only in 23% of the cases. This displays the lack of awareness towards data breach. Among these 350 companies some were finance firms which contained sensitive information about their clients.
In another survey, two MIT graduates gathered 158 hard drives from ebay and other resellers and they discovered 30% of them had sensitive data ranging from credit card details to information on classified missiles.
The Ponemon Institute in its survey established that 7 out 10 data breaches usually occur after owners have disposed their electronics. The data is at its most vulnerable state when IT equipment reaches its end of life.
Usually when electronics become obsolete or outdated, companies resell them or give them away without much concern; instead of recycling them properly with certified recyclers. These equipment get shipped to developing countries and there it either gets resold or recycled by local recyclers in non-eco-friendly ways like open air incineration, acid bath, etc. which leaves causes environment pollution and health hazards.
A team of graduate students from University of British Columbia purchased some hard drives in Ghana. They discovered sensitive data about defense contracts between Homeland Security department, Pentagon and military contractor, Northrop Grumman. Another team of researchers bought a computer online and found good deal of data about Lockheed Martin, a defense contractor. The information included detailed test launch procedures and employee social security numbers among other confidential data.
Such data breaches can bring real harm to anybody, be it an individual or a company. Confidential data may bring harm to the reputation and brand value for a company, while loss of financial data can bring down entire organizations. That’s not all, companies may also get into legal risks in such circumstances.
So what does an individual or an organization do to prevent exposing itself to such data security risks?
Do’s and Don’ts of Keeping Data Safe
1. Have a clear and concise policy for managing disposal of IT assets.
2. Have a record of data storage equipment. For example computers, mobile phones and servers. Don’t miss out USBs, printers, scanners and BOYD devices.
3. Explore possibilities in regards to reuse, refurbish and recycling of IT equipment and data destruction.
4. To handle data security while reselling, donating, refurbishing or recycling select authentic and certified organizations only.
1. Do not stock up IT assets. It comes with high cost of storage, fixed asset tax.
2. Don’t discard computers and other electronics into landfills. It is harmful for the environment and extremely risky in terms of data security.
3. Don’t donate or sell computers for reuse or resell without managing data security issues first.
Authentic and responsible e-waste recyclers provide indemnification for data breach of the assets they recycle. It’s a good option to outsource managing end of life IT equipment to Certified Electronic Recyclers, who are skilled and experienced in handling, recycling and data security management in end of life IT Assets.