Keeping your data secure is critical no matter what industry your business is in. This is especially important when it comes time to refresh your computer equipment and get rid of the old.
What happens to the data stored on your used equipment?
Many businesses assume they are safe when they get rid of IT devices because their machines have been secured with passwords and important files have been deleted. However, there are a few common problems companies run into when securing data at the end of life.
Internal Data Security Issues
- Employees with Good Intentions: When outdated equipment is left in an unsecured location within your office or warehouse, it is left vulnerable. Often times employees see old equipment as a free offer to rummage through the pile and take whatever they want, because, hey—it's just going to be trashed, right? This is an easy misunderstanding that can lead to an instant data breach. Confidential information can leave your premises on a laptop destined for personal use or by someone trying to make a few bucks online.
- Employees (Or others) with Not-So-Good Intentions: If equipment is left unsecured, whether inside your facility or outside when awaiting pickup, it's a welcome sign for thieves—leaving your data at risk and hurting any chance you have for resale opportunities.
- The Solution: Make sure you are securing any unused IT device at your facility in a locked room or security cage or bin until it can be securely transferred to your data destruction partner. Keep record of anything that enters and exits the secured area to maintain a transparent, chain-of-custody for all devices.
External Data Security Issues
- Trusting an Electronics Recycler: When used computer equipment is seen as junk, the recycling process quickly becomes the weak link in your data security, instantly becoming a huge liability risk. Many electronics recycling or IT Asset Disposition (ITAD) vendors promise data destruction, but if not done properly, information can still remain. Without certifications like R2 or e-Stewards, computer recyclers and resellers have no obligation to make sure your data is properly destroyed. If a data breach does happen, the original owner (aka you) are the responsible party and are on the hook for any regulation noncompliance or environmental cleanup costs from improper disposal.
- The Solution: Find a trustworthy vendor by first performing your own due diligence. Make sure they are certified by R2 or e-Stewards by checking the third-party websites for their company name. This is an important step, as it has been an unfortunate known problem of some companies falsifying their certification. Even with a paper stating "Proof of Destruction", you can't be sure without those certifications backing it up. In addition to certifications, another easy way to weed out bad characters is by asking for a tour of their facility to witness their data destruction process and learn about their written policies and procedures. If there's any hesitation, you should be weary about handing over your IT equipment.
Fulfill Your Security Obligation
If you manage proprietary or customer data like credit card information, social security numbers, or healthcare records, you are legally required to ensure that data is completely destroyed after it is used. Using a reputable and reliable data destruction company who is certified and audited by third parties to verify their standards will remove any risk of a data breach or environmental mishap.
As the only R2 certified and e-Stewards certified IT Asset Disposition (ITAD) provider in the upper Midwest, SEAM takes data security seriously. We feel its important to give our clients the confidence that all of their equipment is processed to the highest environmental, secure and ethical standards possible.