Too many businesses have old desktops stuffed into closets, decommissioned servers sitting in a warehouse, or useless CRT monitors taking up space in a storage locker across town. As technology evolves faster and faster, companies pile up ever-increasing piles of obsolete IT assets.
In recent years, cloud storage and software-as-a-service (SaaS) solutions that store data off site have rendered many onsite storage devices bulky and unnecessary. Desktops have been replaced by laptops and tablets. Even the utilitarian flash drive has been usurped by cloud-based solutions such as Dropbox.
Getting rid of old computers and other IT assets involves risk to intellectual property, regulatory compliance, and the environment. Small businesses must create a process that ensures IT assets are dispositioned in a manner that maximizes data security while minimizing environmental impact.
So how do I get rid of all these old computers?
One option is to hire an IT asset disposition (ITAD) vendor. These companies take end-of-life IT assets, securely delete any stored data, and dispose of them in an environmentally responsible manner. While this might seem like an easy choice, you must choose a reputable company and consider a range of factors including transportation and data destruction practices. We’ll come back to ITAD options later in the piece.
The other option is to do it yourself, which is probably easier for small businesses than it is for large enterprises. By cutting out the middleman, you stand to recoup some of your assets’ cost by reselling or to spend less on recycle/environmental fees by donating directly.
Data, data everywhere, but how do I delete?
First, you must be sure that all data is eradicated. Business assets ranging from laptops to printers to smart toasters carry sensitive data that must be removed prior to disposal. But even if you manage to delete the memory on a copier, how can you be sure it’s been fully eradicated?
A study of 200 used hard drives purchased online found that two-thirds held personally identifiable information, and at least 20 held sensitive business data. Furthermore, many of the drives had data deleted by simply clicking delete or dropping files in the “recycle bin.”
Unfortunately, this is all too common. Deleting files does not actually delete the programming that comprises the information saved on the drive but simply deletes the file that directs the user to that data. That’s why you’re able to restore Windows to a previous date to recover ostensibly deleted data.
But if you’re thinking that the answer is to format the hard drive, you’re still not going far enough. Formatted hard drives contain data that can be recovered if it hasn’t been overwritten. For this reason, small businesses must use specialized software to overwrite existing memory with meaningless data before disposing of the device.
Note that the default on many disk wiping solutions is to overwrite the memory only once; this is sufficient for personal computers, but business IT assets holding sensitive data require multiple rewrites.
This applies to flash drives, memory cards, and similar forms of storage. However, some overwriting methods are more effective on some devices than others. A solid state drive (SSD), for example, might be more difficult to overwrite than a standard magnetic hard drive. ITAD vendors are aware of these distinctions, and their expertise in this realm is one of the primary benefits they offer.
Degaussing and crushing bits to bits
For drives holding particularly sensitive data that you have no intention of reselling, there exist further options, including degaussing.
Degaussing is a method of destroying magnetic storage devices by magnetically altering their memory and making it unreadable. This method typically destroys the device’s electronics along with its memory which renders it useless and destined for recycling.
Degaussing machines are somewhat expensive, starting around $5,000. Less expensive, but potentially less effective, degaussing wands are also available. A list of NSA approved degaussers is available here.
Degaussing is the only way to be absolutely certain that all data is destroyed. However, degaussing ONLY works on magnetic media such as hard drives and magnetic tape. Optical storage media such as CD-ROMs, DVDs, and increasingly common solid state drives (SSDs) cannot be degaussed.
Finally, the drive can be physically obliterated using machines simply called hard drive crushers. These devices can be used as a primary method of destroying hard drives that don’t contain sensitive data or as a secondary step following degaussing.
Hard drive crushers bend the unit in half, breaking the platters. Other machines go even further by shredding storage units or breaking them into tiny pieces and are available for specific needs such as flash drives or mobile devices.
So now that you’ve degaussed and/or obliterated your hard drive, you still need to take it to a recycling facility. This was never going to be easy.
Don’t forget about printers, copiers, and IoT devices
Printers and copiers typically store document images in onboard memory. Specific care must be taken with data stored on these devices, especially since they are often leased, purchased used, and resold.
Furthermore, internet of things (IoT) devices sometimes store data such as Wi-Fi passwords on internal memory. For example, smart watches store calendar information, smart TV web browsers are used to access company data, and company cars sync phone contacts information to the onboard entertainment system. These items significantly complicate the IT asset disposal process.
We now live in a world where we need to think beyond conventional computing devices and ensure that any asset with the capability to store data is sanitized before allowing it to leave the business.
To get an idea of the stakes, take 20 minutes to watch The Wolf, an elaborate online film made by HP. It stars Christian Slater as a cybercriminal who uses printers and other seemingly mundane devices to steal corporate data.
Manage your IT assets with dedicated software.
Before you can implement an effective IT asset disposition program, you must know where your IT assets reside, how they’re used, and when they went into service. IT asset management software helps you to define and categorize your IT assets, allowing you to catalog and identify them individually.
From there, you can track IT assets by user, cost center, or physical location. In addition to simplifying the disposition process, tracking assets with software helps you to keep up with warranties, calculate depreciation, and decide when upgrades are needed. Check out GetApp’s full catalog of IT asset management software to find a solution that will ease your asset disposition process.
Asset management software EZOfficeInventory (Source)
Maintain compliance with an IT asset disposition (ITAD) policy
IT asset disposition is an overlooked, yet crucial, aspect of maintaining compliance with GDPR and other regulations such as HIPAA, PCI, and FACTA. For all of these, you must be able to prove a chain of custody and method of data deletion.
If your company stores any data related to users in GDPR protected countries (i.e., anyone based in the EU or EEA), you are defined as a data controller.
If you contract with another company to handle that data in any way, that company is a data processor.
By hiring an ITAD company to handle the end of life process for your IT assets, you and the ITAD vendor are each responsible for the secure deletion of data relevant to GDPR.
To remain in compliance, your business must develop an ITAD policy that results in an auditable record by answering the following questions:
- When should various IT assets be disposed?
- How will sensitive/regulated data be identified?
- What method will be used for data elimination?
- Where should IT assets marked for disposal be stored?
- How will chain-of-custody be documented?
Making a blanket policy is difficult because each device is different; you need a different process for a 3-year-old $5,000 multifunction copier than you do for a 2-year-old $250 tablet.
Consider specific processes for:
- Stand-alone storage devices (e.g., flash drives)
- Network equipment (e.g., routers, switches)
- Mobile devices/tablets
- IoT devices
Create IT asset disposition flowcharts
A process should kick in when an IT asset reaches a specified point in its life cycle. This might be determined by age, wear, or obsolescence. To make this process easier, you should develop flowcharts to assist in making decisions.
Potential destinations for IT assets
IT assets can be refurbished and sold directly or through a consignment broker. Data center assets such as servers and switches are especially valuable on the secondary market as many firms lack the budget to purchase these items new. Another option is to sell IT assets to employees at a steep discount. Additionally, if the item is very old or not functional, it might be sold for parts.
In some cases, assets marked for disposition might find a second life within the organization. For example, a laptop that is no longer powerful enough for a graphic designer might work perfectly as a secondary monitoring device for a field service agent. Used tablets can be redeployed as loaners for business associates or for web surfing by visitors in the lobby.
Gently used IT assets can be donated in to schools, charitable organizations, and international aid organizations. For example, Computers with Causes accepts computer donations and redistributes them to educational causes and vocational programs. Also, by donating IT assets, your business might be eligible for a tax deduction, as long as the organization is approved by the IRS.
If all else fails, the final choice is recycling. Notice that there is no landfill option. That’s because IT assets are not generally appropriate for landfills and require careful recycling procedures which will be addressed further in the next section.
Environmental impact of IT asset disposal and recycling
Responsible IT asset disposal and recycling is good not only for the environment, but also for your marketing efforts. A recent study of 25,000 consumers found that more than half were willing to spend more with companies that use environmentally friendly practices.
IT assets are manufactured with numerous toxic substances such as lead, mercury, and cadmium that pose severe risks to the environment if disposed of improperly. And while manufacturers are beginning to make electronics more sustainable, such as Apple using recycled aluminum for its MacBook Air, electronic waste is increasing.
A recent United Nations study revealed that worldwide e-waste increased by 8 percent from 2014 to 2016. An additional increase of 17 percent is expected by 2021, reaching an annual total of 52 million metric tons. The study also found that only 20 percent of all e-waste generated in 2016 was recycled.
A bright spot from the report found that 66 percent of the world’s population now lives under an e-waste management law, a whopping 50 percent increase from 2014. This is encouraging news because much of the world’s e-waste is dumped in developing countries.
When searching for an environmentally friendly ITAD vendor, look for one with either the responsible recycling (R2) or e-Stewards certification, both of which are recognized by the Environmental Protection Agency. These organizations can efficiently break down electronics, salvage their parts, and safely dispose of any dangerous substances.
Secure and responsible IT asset disposal can take a lot of effort but it must be done to safeguard your intellectual property and prevent regulatory fines. If you’re overwhelmed, begin by making a simple categorized list of IT assets to determine whether software could save you time and effort.
You can also launch an IT asset roundup program to encourage employees to pull old keyboards out of the closet and finally fish that old BlackBerry from the back of the desk drawer. Make a raffle out of it by giving tickets for each asset or hand out drink tickets for a company happy hour.
In the end, getting rid of old computers and other IT assets is a liberating way of letting go of the past. Doing so in a responsible manner ensures we’ll all have a better future.
This article is part of an ongoing series about the business value of IT
Note: The information contained in this article has been obtained from sources believed to be reliable. The applications selected are examples to show a feature in context and are not intended as endorsements or recommendations.