Avoiding Data Breaches in IT Asset Disposal
When it comes to IT Asset Disposal here are 5 must-ask questions for third-party providers.
When the industry thinks of data breaches it raises the specter of a savvy hacker lurking very far, and yet very close, intermingling with a larger organization of internet criminals, breaking into our technology and gathering most private information: credit card and bank account details, social security numbers, and personal health and income data. The recent breaches at Anthem insurance and the retail giant Target make users worry about the trail they leave when they swipe a card or populate a form with personal information. This is how individuals think identities might be exposed. Individuals often don’t think about what happens when a company retires old servers, computers, printers, copiers, and scanners. What happens to confidential data? This is something businesses must think about.
Receipt, processing, destruction and disposal of hardware and software are a necessary and growing business. The Blumberg Advisory Group’s 2014 ITAD Trends Report shows that data security is the number one reason why companies implement an IT asset disposition (ITAD) strategy. News reports highlight examples of sensitive data being found on retired assets, frompersonal photos and information to matters of national security. The costs associated with data breaches and with the improper disposal of IT assets are great. They include financial implications such as penalties, the loss of customer loyalty, and the tarnishing of one’s reputation. To mitigate risk, asset recovery management is critical to companies operating in today’s global supply chain.
According to Transparency Market Research (TMR) as reported inElectronics Purchasing Strategies, ITAD represents an estimated $9.8 billion handling 48 million tons of discontinued or excess technology gear. According to TMR, by 2019 the predicted market will grow to $41 billion made on 141 million tons of used equipment. Concerns about data security have resulted in companies becoming more aware of the need for ITAD and the need to budget for it. In 2014, 87 percent of companies reported having an ITAD budget; 38 percent more than in 2012.
Outsourcing this complex work can be a necessity for many companies who don’t understand the intricacies, regulations, labor and cost of asset disposition. Electronically stored data is subject to stringent HIPAA/HITECH, FACTA, SOX, GLB, and FERPA regulations, complicating responsible disposal. Secure and thorough “wiping” of data is critical, and the environmental impact of retired assets is also a vital concern.
More and more companies, 65 percent of companies larger than 10,000 workers and up to one third of all businesses, are turning to 3rd-party service providers to manage end-of-life assets. The factors seen as most important in selecting a 3rd-party service provider include: adoption of industry-recognized compliance standards (97 percent); a well-documented and enforced chain of custody (95 percent); and high-quality, thorough client reporting (95 percent).
Reduce, Reuse, Recycle
ITAD is expensive and it can be risky. It is, therefore, important to find a 3rd-party service provider who can ensure as much safety and security as possible. Many ITAD companies have a split business model working with upstream partners to collect and process retired material, then turning to downstream partners who are looking to purchase used technology gear. Given this model, your server could be someone else’s server one day. Ensuring proper receipt and processing is critical.
These are must-ask questions businesses should ask 3rd-party providers before hiring them. Be certain these questions are answered thoroughly and confidently.
1. What is your specialization?
2. Is there uniformity in the process?
3. Who would manage our relationship?
4. How flexible are your operations?
5. What if something goes wrong?
Companies operating in today’s global supply chain need to take the necessary steps to mitigate risk when it comes to asset recovery management.
You may also like: