Data from old tech can get in the way of your company's plans to recycle devices such as computers, servers and smartphones. According to Earth911, Americans throw out a staggering 9.4 million tons of unwanted electronics annually. At the rate most companies upgrade technology, they're faced with the problem of making sure sensitive data from devices doesn't fall into the wrong hands while disposing of electronics in an environmentally friendly way. Here's a closer look at some of the problems that may arise when you haven't properly wiped data from old tech and how to prevent potential security breaches.
Whether you recycle, donate or refurbish, the data that's on your devices can expose information you'd rather keep private or that you're legally bound to protect. Many recycling and donation programs wipe the data off your devices before they're resold or destroyed. However, it can also be a good idea to perform this data removal yourself, to guarantee that it meets your company's needs and industry regulations.
To ensure that repurposing electronics doesn't get you into data-related trouble, establish a clear policy regarding whether electronics can be recycled and what process they need to undergo in house to ensure your data is wiped before they're recycled. The security risks for improperly wiped data include:
- Identity theft
- Exposing company credentials to key systems
- Revealing company information
- Exposing regulated information (i.e. financial data or health information)
- Exposing employees' private data
Wiping the Data
It's possible to erase the data on any device with a bit of planning. Legal proceedings have determined that it's up to the company — not the recycling or donation program — to perform data removal. That means any liability that occurs as a result of a data breach linked to recycling old electronics falls on your company.
To minimize the risk of a data breach or loss during device recycling, develop a pre-recycling data strategy that includes the following steps:
- Back up any data you want to keep.
- Remove data disks, detachable storage devices and SIM cards as appropriate.
- For laptops or desktop computers, consider instituting a highly secure wipe from a DBAN disk.
- Encrypt your mobile device data and then do a factory reset.
- Consider having an internal IT resource verify that all sensitive data has been removed from devices before they're recycled.
Before recycling electronics, have a clear data management plan in place. Be aware that certain industries, such as health care and finance, are tightly regulated. Don't rely on recycling programs to stay in compliance; develop a data strategy that meets your needs. Recycling old electronics is the responsible thing to do — just take the necessary steps to ensure the data on old tech remains protected.