Safely Managing E-Waste
As technology grows outdated at an increasing pace and businesses rush to adapt to rapidly evolving markets and disruptive technologies, companies are finding themselves replacing obsolete computers, outdated cell phones and other electronic equipment at an ever increasing rate. This begs the question — does your business have a plan to safely manage this enormous influx of e-waste?
Properly disposing of electronic waste is more than an environmental consideration. E-waste is turning up in the hands of counterfeiters around the world, who pass on recovered and refurbished parts as authentic components to unsuspecting businesses. Your products — and your brand — may be at risk.
A Growing Concern
In the U.S., people discard around 2.9 million tons of electronics a year, according to the Environmental Protection Agency (EPA). Having a rigorous process to defend your supply chain from counterfeit parts is essential to any business.
Disposing of electronic equipment properly will help ensure the e-waste will not enter the counterfeit market, protecting you from liability claims if the electronic waste is later traced back to your company. Additionally, there are a number of other risks, adds Mike Thoma, Global Technology Chief Underwriting Officer at Travelers. “A company can find itself liable for damages caused by hazardous waste,” says Thoma. “Other risks include employee injuries from handling toxins, unintentional breaches of private data and regulatory non-compliance.”
“At Travelers, we want to help companies manage this growing risk with a thoughtful e-waste strategy that considers the hazards associated with disposing of hardware and clearing or destroying data,” said Thoma. “For example, while many people know that it’s important to examine a laptop for sensitive data before disposing of it, it may not be so obvious that a copier should be examined as well.”
Many of the newer copier models are multi-functional devices with hard drives, Thoma explains, functioning as network printers as well as copiers. At the end of a lease or when the machines need to be replaced, companies may be at substantial exposure to data loss.
Following, we offer a model for responsible e-cycling, to help companies be sure e-waste is handled appropriately.
Develop an E-Waste Disposal Strategy
Verify the Recycler’s Expertise
Ensure that your company is dealing with a responsible recycler who understands the electronic waste stream and proper handling procedures. There are voluntary certification organizations that conduct third-party audits, including the International Association of Electronics Recyclers (IAER) Certified Electronics Recycler program, the Institute of Scrap Recycling Industries (ISRI), Recycling Industry Operating Standard (RIOS) program, and the EPA’s Responsible Recycling (R2) Practices for use in Accredited Certification Programs for Electronics Recyclers.
Determine if E-Waste Contains Data
Is potentially sensitive data contained within your e-waste? Make sure your recycler demonstrates the methods they will use to ensure that private data is erased when refurbishing/reselling or shredded/destroyed when recycling. This may include following the Department of Defense’s National Industrial Security Program Operating Manual (NISPOM), the National Institute of Standards and Technology's (NIST) Guidelines for Media Sanitation, or other guidelines for sanitization or destruction.
Consider the “Internet of Things (IoT)”
With office equipment ranging from printers to photocopiers containing hard drives, it is important to go beyond examining laptop and desktop computers for sensitive data. A proper electronic equipment disposal program should consider the following:
- PCs and laptops.
- Servers and mainframes.
- Notebooks and tablets.
- Smartphones and other mobile phones.
- Digital cameras.
- Digital video recorders.
- Security systems.
- Photocopiers and printers.
- Flash cards or devices.
- Anything with a built-in memory.
Develop appropriate security protocols given the type of data on the device, which may include sensitive or confidential data about the company, employees, customers and patients.
Conduct Due Diligence on the Downstream Plan
If your equipment is going to be refurbished for resale, ensure that the recycling vendor makes proper notifications to purchasers. All risks should be transferred away from the original equipment owner.
If your e-waste is going to be partially processed by one recycler, then handed off to others for final disposition, the primary recycler should provide you with information about the credentials of others involved, and with due diligence ensuring that downstream vendors have proper controls in place.
Document the Outcome
Insist on receiving documentation that details how your e-waste was processed, including verification that devices containing potentially sensitive data were appropriately sanitized or destroyed. This paperwork provides assurance that your e-waste has been properly managed throughout the disposal process.