Hardware upgrades are a fact of life, regardless of your industry. When it becomes time to dispose of old computer hardware, every organization must have a data disposal policy. A solid data disposal policy for electronic waste includes the following steps:
- Deleting and overwriting sensitive files
- Enabling drive encryption, if this is not already in place
- Deauthorizing the electronic device from the network
- Deleting the browsing history
- Uninstalling all programs
- Wiping the memory or physically damage the device to prevent data recovery
- Responsibly disposing the sanitized electronic devices
Disposition is the last step in the information lifecycle. Defensible disposition requires a record to document that the correct process has been followed in the event of an audit or some legal matter. While this is the end of most departments’ responsibilities to this process, there is much more involved for those organizations responsible for the actual disposal and recycling of electronic waste, especially within the United States.
Understanding the Resource Conservation and Recovery Act
These processes are governed by the Resource Conservation and Recovery Act (RCRA) of 1976, which focuses on mitigating the environmental hazards introduced by recycling hardware.
Two examples of such hazards this legislation attempts to remedy are that:
- The responsibility for determining the existence of hazardous material lies largely on the organization itself rather than an outside authority
- Information regarding acceptable levels of hazardous materials in the environment is difficult to define, navigate, and act upon
Both issues, as well as others, are being reviewed this year for modification.
Recycling Electronic Waste in a Paper-First Regulatory Environment
While there have been some updates to regulations, the requirements largely reflect the technology of the time of legislation. The U.S. government has already begun to correct these deficiencies.
Hazardous material in recycled or discarded hardware represents just one of the concerns targeted by regulations. Federal regulators submitted a proposal for public comment to ban exports of unprocessed electronic devices and require stringent tracking procedures for exports that are still allowed in 2018, and in 2019 U.S. Reps. Adriano Espaillat (D-NY) and Paul Cook (R-CA) introduced the Secure E-Waste Export and Recycling Act (SEERA).
The focus of the RCRA and pending legislation like SEERA is to prohibit the export of untested scrap electronic devices to limit the influx of counterfeit goods returning to the U.S. This regulation imposes measures to understand the depth of the issue in the U. S. market.
Regardless of any regulatory updates, hardware upgrades will never go away for any business. The key lies in how an organization manages the process as part of its larger information governance program. It is vital that information governance professionals keep abreast of ongoing regulatory changes so that they can keep their organizations in compliance.
Learn more about defensible disposition in this popular webinar recording.