Do you have a customer list? Do you store or process customer data? The reality is, most businesses across the globe store and process some level of personal data, whether the subject is a client, patient, vendor, consumer or employee. Businesses are responsible for ensuring the security of this data; however, according to FierceCEO, 53 percent of executives admitted their cybersecurity and data privacy budgets are insufficient to respond to a breach, and nearly a third don’t train all employees on data breach prevention. As a manager, it is your responsibility to understand what, as a company, you should and should not be doing to appropriately manage data in a manner that protects your company, clients and employees.
As the amount of data generated continues to grow exponentially year after year, the opportunity for a data breach to occur increases as well. Digital Guardian reported that experts now predict a 4300% increase in annual data generated by 2020. Although the majority of data security efforts focus on working IT equipment and network-connected devices, your retired IT devices present the same risks if mismanaged.
Whether you have an IT asset disposition (ITAD) program in place or not, there are always going to be areas for improvement. We previously focused on best practices for managing retired IT assets, but this time we wanted to dive into the ITAD program practices you should never be doing.
When it comes to retired IT equipment, make sure you never:
- Hold onto it.
Once items are upgraded and replaced, many are tempted to set these older devices aside in a storage bin. There are two main reasons why we encourage IT managers to address disposal sooner rather than later.
- Resale value – Every day an item sits on a shelf in storage, its resale value decreases. If you are hoping to garner some revenue from your old devices, getting them into reuse channels as soon as you can is advised.
- Data security – Even if the storage location is fully protected, unwiped hard drives and media storage devices may still be storing sensitive data, and you accumulate risk as you increase the volume of assets stored.
- Hand it over too soon.
It is always advised to research the company before handing your sensitive data over to them. Always do your due diligence, audit and visit the processing location, and ask the important questions.
There are many high-profile examples where businesses have handed over their retired IT devices with specific instructions, only to find out the vendor didn’t adhere to their requirements, putting the business at risk. Circumstances such as these can result in data exposure and/or unauthorized product resale and can be detrimental to a business. Taking your vendor selection seriously will help you minimize these risks.
If you need a place to start, you can reference this market guide published by Gartner, which compares a group of leading ITAD vendors.
- Assume all your IT assets are discoverable.
Data is everywhere. It is not just in servers or desktops; it is in phones, memory sticks, printers and more. Especially with older IT equipment, items not on the network or items that are not in the same inventory systems may not be discoverable. When managing hardware assets, it is important to ensure you are accurately handling your inventory.
When upgrading devices, replaced equipment can easily be viewed as items that do not hold any value. This is not always the case. Sometimes even when a device is malfunctioning, parts can be harvested and reused or resold.
When any device leaves your facility, it is still a liability until all data is removed and/or it is fully decommissioned and processed for recycling. Make sure your ITAD vendor has a portal to help you track all IT assets throughout their disposition. This not only helps ensure security but will also provide the records and documentation needed for different regulatory compliance and sustainability reports.
- Ignore the ITAD plan/program.
Every company should have an ITAD plan or program in place to reference as needed. This plan should outline a process that will ensure equipment is safely and responsibly managed. It should offer a workflow for how these devices should be handled, covering both the internal perspective and the criteria the ITAD company should adhere to.
Implementing some sort of guidance or standardization throughout your IT department will help with asset tracking and will ensure devices are sent only to approved vendors. If the program is properly followed, your risk of a data disaster will be reduced.
- Implement the ITAD plan without any training.
A program is only effective if it’s properly communicated, understood and enforced. Make sure all team members are informed of the protocol in place and provided the necessary details to ensure successful implementation.
Once the plan is successfully applied, ongoing maintenance of the plan is important to sustain integrity and understand areas for improvement. In an evolving technology landscape, you will need to regularly revisit your plan to make sure the processes are still relevant.
In addition, new regulations, such as the EU’s new General Data Protection Regulation (GDPR), will bring change to ITAD programs. As long as we continue to see data generated, we will continue to see efforts made to improve data storage and security. Storing personal data is something businesses need to put structure behind to protect themselves and their clients. As a business, data retention and replication should always be assessed. If the data is no longer needed for business purposes, it should be removed. If it is not removed, businesses run the risk of being penalized. The GDPR fines go up to four percent of annual global turnover or €20 million (whichever is greater).
Whether the result is a data breach, non-compliance or an environmental disaster, the risks can be devastating to your business, but they can be avoided. This list is only a quick interpretation of habits that can put your business at risk. Consulting with an ITAD expert will provide you with solutions that are the best fit for your company and will ensure you have the documentation in place to support your compliance.