Hardware upgrades are a fact of life regardless of your industry, and with them comes the need to deal with electronic waste such as disposed hard drives, computers, and other technology. With a market valuation estimated around $300 billion, the enterprise “secondary IT market” represents a vast quantity of hard drives and other physical artifacts of digital media that needs a higher level of consideration than typical shredded paper waste.
A Hardware-Aware Data Disposal Policy
Every organization must have a Data Disposal Policy that includes the following steps:
- Deleting and overwriting sensitive files
- Enabling drive encryption, if this is not already in place
- Deauthorizing the electronic device from the Network
- Delete the browsing history
- Uninstall all programs
- Wipe the memory or physically damage it to prevent data recovery
- Responsibly dispose of the sanitized electronic devices
Disposition is the last step in the information lifecycle. This requires a record to document that the correct process has been followed in the event of an audit or some legal matter. While this is the end of most organizations’ responsibilities to the process, there is much more involved for those organizations responsible for the actual disposal and recycling of electronic waste.
These recycling organizations are governed by the Resource Conservation and Recovery Act (RCRA) of 1976, which focus on mitigating the environmental hazards found in recycling hardware.
The legislation attempts to mitigate issues that arise in disposing of hazardous waste, including:
- The lack of outside authority to determine the existence of hazardous material
- The difficulty of navigating and understanding lists of hazardous materials and their acceptable levels
Both of these issues, as well as others, are being reviewed in 2020 for modification.
(Learn more about the RCRA at resource-recycling.com)
An Evolving Regulatory Landscape
While there have been some updates to the regulations, the requirements largely reflect the technology of the time of legislation. The Federal government has already begun to correct these deficiencies.
Hazardous material in recycled or discarded hardware represents just one of the concerns targeted by regulations. Federal regulators submitted a proposal for public comment to ban exports of unprocessed electronic devices and require stringent tracking procedures for exports that are still allowed.
The focus of the RCRA is to prohibit the export of untested scrap electronic devices to limit the influx of counterfeit goods returning to the U.S. This regulation imposes measures to understand the depth of the issue in the U. S. market.
Regardless of any regulatory updates, hardware upgrades will never go away for any organization. The key lies in how your organization manages the process as part of its larger information governance program. It is vital that information governance professionals keep abreast of ongoing regulatory changes so that they can keep their organizations in compliance.
Read Risks and Opportunities of Managing Information Chaos today for ways to future-proof your organization with well thought approaches to intelligent information management.
