Companies Fail to Properly Destroy Data
According to a study released by the National Association for Information Destruction (NAID) in 2017, 40% of devices resold to the public still contained personally identifiable information (PII). The study reviewed 250 devices available through public resale channels, and relied only on downloadable software, in a process described as unsophisticated, in order to access PII. This led to recovery of PII on 13% of phones, 44% of hard drives, and 50% of tablets, among other devices (for an average of 40%).
While many North and South Dakota businesses are interested in the prospect of recouping some of the massive cost of technology through resale of older devices, compliance with consumer privacy laws and industry regulations demands that no trace of confidential data remains. Why are so many devices showing up for resale still containing easily-accessible PII? What can companies do to protect themselves?
Why do So Many Devices Retain PII?
The problem, according to NAID CEO Robert Johnson, is not a lack of professional services. Many companies who abide to certifications like e-Stewards, R2 or NAID undergo regular audits to ensure that their wiping practices are compliant with strict rules and regulation for security.
Where companies get into trouble is when they work with third-party vendors who are not qualified to properly dispose of data. Some businesses also try to save money by managing data destruction on their own, with little idea of how to do it properly and comply with consumer privacy laws and industry regulations.
The Potential Cost of Non-Compliance
Unfortunately, companies and their customers are the ones who stand to suffer when data is not properly eliminated. When PII remains accessible on devices that are resold or donated, it could fall into the wrong hands. This could lead to identity theft, as well as data breach.
In both instances, consumers can suffer terrible and long-lasting consequences. However, companies that fail to properly dispose of data will also face a bevy of potential repercussions, ranging from penalties and lawsuits, to loss of customers and revenue, to loss of reputation, and even ruination. According to the 2019 Cost of a Data Breach Report from the Ponemon Institute and IBM, the average data breach in the U.S. cost $8.19 million, with the average number of records compromised numbering over 25,000.
Luckily, there’s an easy solution for companies that want to ensure compliance when they decide to give devices a second life through remarketing or donation. The trick is to find an ITAD service provider that is certified to appropriate standards such as e-Stewards and/or R2 to uphold secure practices, and is therefore qualified to properly wipe equipment in preparation for donation or resale.
Said Johnson, “…when overwriting is properly done, it is a trustworthy and effective process.” Companies that attempt to go it alone or that utilize the services of unqualified providers may be fine, but then again, they might end up with incomplete data wiping, resulting in identity theft or data breach. With potential costs and repercussions so high, it’s crucial to ensure total elimination of data before resale or donation.
If your North Dakota or South Dakota business is seeking a certified ITAD service provider to wipe hard drives and devices for resale, contact SEAM today at 605-274-7326 (SEAM) or online to learn more and request a quote.