Recycling and selling old kit can be fraught with problems so how do businesses avoid the pitfalls?
You step into the office. All around you, coworkers frantically bustle like bees in a hive under threat. “Have you seen the news?” one panicked executive asks. IT workers race between tasks with a distinct tinge of fear. With rising dread, you watch a screen tell the story of an 8-figure data breach. Your company’s logo comes on the screen. Fear and panic become the norm, and blame gets tossed around like a job security hot potato.
It can happens more often than we want to consider. Even companies that do their best to continually be more socially responsible can fall prey to reputational nightmares.
While the data center industry invests billions in network security software, tools, and other services, the hardware itself is often seen as an afterthought. The ‘out with the old and in with the new’ mantra is fair enough but what if that old kit is not handled properly? What if sensitive data is still on hard disks?
It’s more than just reputation at stake here. If a company is working in Europe, for example, GDPR regulation could see huge fines imposed. That data is still the responsibility of the company, regardless of whether or not it is using it. This is why decommissioning hardware is increasingly essential. To neglect it, would be a costly mistake.
Additionally, many companies trust uncertified recyclers to take care of all their disposition needs without following up or tracking those assets to true end of life. As a result, many companies have come under fire when their improperly disposed of assets were found in China, and more recently Thailand.
To safeguard your company’s reputation, protect your precious data, and prevent any toxic E-waste from impacting the environment, proper decommissioning is critical. So, what are the best practices for decommissioning? As corporate social responsibility is strongly correlated with success, how can businesses use decommissioning as a way to boost their brand?
Don’t lose that data
Data center projects can be messy, and often exceed budgets and deadlines. Many of these projects involve rapidly replacing old hardware with new hardware, and avoiding any downtime whatsoever. In the chaos of moving chillers, server racks, power units, storage systems, networking equipment, cables, and countless other pieces of equipment, it can be easy to miss one or two items.
And what’s the harm in leaving some pulled drives sitting around when we’ve got to finish this massive IT project?
Last year, Washington State University learned that even a single hard drive in a safe can be a crippling error, with over a million records leaked.
Thankfully they were insured, because just the postage costs to send letters informing the relevant parties amounted to nearly half a million dollars.
The reality is that there is no room for error with any storage hardware. The traditional practice of pulling drives and then waiting for a company to show up and shred them is insufficient.
It can be difficult to track assets effectively and prevent drives from going missing in the chaos of a big project.
Some companies offer a solution that involves erasing server data over the network before drives even leave their racks. By wiping drives before any hardware is moved, you eliminate the chances of any drives going ‘missing’. It’s no secret that sensitive corporate data can fetch large sums, so why not remove the temptation from any potential unscrupulous employees.
Additionally, with this method companies can reuse or resell drives and storage systems to minimize their environmental impact. IT manufacturing and recycling both place a notable burden on the environment. Aside from outdated zombie servers, any hardware that you can reuse helps boost your company’s green footprint, and with it your brand reputation.
For this reason, it can be helpful to partner with an ITAD company for any still-working equipment or purchase a hard drive shredder, to immediately dispose of any sensitive data once drives are pulled from production. If you do shred or recycle, look for a re-use for any scrap metal you accumulate.
Be accountable for recycling
After being implicated for cheating on emissions tests in 2015, Volkswagen lost the trust of the public. Shortly after, a survey published by Autolist found that the public was 28% less willing to buy a car from VW. The public cares about the environment enough to sway stock prices, and e-waste is a growing concern. According to the Global E-Waste Monitor, 44.7 million metric tons of e-waste was generated in 2016 and only 20% was recycled through appropriate channels.
One of the biggest issues is reputable recycling. Not all recycling is equal. In years past the recycling industry had little visibility, and the vast majority of recycling companies held no official certification. Organizations trusted that they could simply hand kit to a recycler and it would be handled properly. As e-waste scandals, documentaries, and other content came to public awareness, pressure mounted to regulate the disposition industry, and now the majority of US recyclers are certified.
Although it’s a step in the right direction, using a certified recycler does not guarantee that your logo won’t be photographed in a toxic landfill.
Much of the improper and illegal disposition is actually sourced from certified vendors. Over the past two years, several companies have failed to follow proper recycling policies, allowing e-waste to end up in toxic landfills, damaging the environment and local populations. Worse still, even legal exports still get smuggled and find their way illegally into landfills. The UN study found over two years that thousands of tons of electronics ended up overseas through poorly assessed ports.
Clearly recycling is not that straightforward but there are a few things organizations can do to protect its reputation for social responsibility. Firstly, pick a verified decommissioning and recycling vendor. If you choose to rely on an unverified source, hefty fines and serious penalties can ensue. Look for organizations which hold the R2 or E-stewards certification. But don’t assume a company is operating in good faith either – make sure you see the current documentation, and where possible, see their processes yourself.
Secondly, it’s important to track your e-waste downstream. Many recyclers will send their material to other recyclers before it reaches its final resting place. To verify that it really did end up in a healthy place, request that your recycler sends you all of the relevant downstream documentation. It’s the least they can do, if only for the sake of their reputation, as well as yours.
Can one of our readers answer this question from Jim Lee?
Richard Henderson, Publisher
How about using blockchain to trace data and delete data?