From the looks of it, IT asset disposition (ITAD) of your decommissioned assets may seem like duck soup. Just task the responsibility to your IT guys, assume they get the work done, and voila! Mission accomplished. Right?
Wrong. That’s a script from Hollywood.
In the reality that we live in, ITAD is a far more entangled affair. The slew of government and environmental regulations, coupled with the risk of costly data breaches ensures, the average organization has a complex crossword to figure out.
For any company pondering an own IT refresh, ensure you do take an honest look at the capabilities of your operation. You would be putting your organization at risk unless the answer to the following questions is an unequivocal ‘Yes’:
- Are you familiar with the specifics of the regulations that govern electronically stored data?
- Are you aware of all disposition channels that are regulated, certified, and audited by the EPA?
- Are you 100 percent sure that your company has and knows how to use the right data erasure software?
- Are you confident your IT team is up to the task of wiping hard drives clean, as well as memory storage systems? Can you place faith in them to remarket or recycle the excess inventory in line with all regulations while at the same time recovering ROI?
And here are some more issues to factor in:
Losing track of assets
Much to their chagrin, many organizations have realized that it just takes one hard drive to cause a devastating data breach. Surprisingly, it’s not uncommon for companies to lose track of their assets. In fact, out of five corporate asset disposal projects, four have at least one asset missing.
Moreover, IT teams tasked with doing asset disposition alongside their regular duties tend to be naturally distracted which doesn’t make them the best candidates to take on the task.
Without a formal tracking system, assets may get misplaced, lost, or stolen. A large fraction of the security incidents we have witnessed recently have been precipitated by on-premise theft of retired assets. That’s food for thought.
Formal asset tracking is not the end-all. Data breaches can still occur if the media devices have not been properly wiped of any smidgeons of encrypted data.
Digital data wiping or physical destruction is a more complex affair than many companies realize, and data breach headline after data breach headline can bear testimony to this.
Inadvertent release of personal, confidential, or proprietary information can have dire implications. And the cost of an average data breach keeps rising with per-record cost reaching $154 in 2015.
Companies pay the price in:
- Lawsuits filed by aggrieved parties
- Tarnished reputation
- Falling stock prices
They may sound like alphabet soup, but the regulations that govern data stored electronically cannot be wished away. HIPAA/HITECH, FERPA, SOX, FACTA, and GLB regulations touch on everything from strict data protection rules of the consumer’s personal, non-public information to the disclosure and use of particular information that’s in the hands of healthcare service entities.
Legal floatation of any of these can lead to hefty fines. And something else many tend to forget is that the asset recovery company may be handling data destruction for you, but when the chickens come home to roost, you – the company – are the one that will be held responsible.
A lot of customers these days (58 percent actually) take note of a disposition company’s social and environmental reputation before deciding whether or not to do business with them. That’s according to the National Marketing Institute.
Suffice to say careless disposition may not only lead to environmental damage, but also public trust in the company is diluted. Organizations that send electronics to landfills, as opposed to responsibly dealing with the issue, risk forking out a lot when they are slapped with air and water contamination fines which could stretch to thousands of dollars per day.
And these, ladies and gentlemen, are some of the obvious reasons why in-house ITAD is never a good idea, no matter how large your organization may be. If you feel your organization cannot confidently take on this sensitive task, best to leave it to a third-party provider with the proper certifications.
The added bonus of the recovery solutions vendor is that they know how to channel your equipment through the best markets, thus maximizing your asset ROI.