Most businesses have an IT closet where unwanted or broken electronics sit, waiting for the day they’re disposed of. Out of sight, out of mind is certainly easier than figuring out how to properly destroy data, determining what something is worth, and determining the best way to get rid of it. Unfortunately, this invisible e-waste becomes a liability.
Instead of being a room for clutter or spare parts, it becomes a liability that puts you at risk of fines and lawsuits for failing to comply with data privacy laws. ERI helps you better understand what invisible e-waste is and how to turn it from a liability into a valuable asset.
Differences Between Visible vs. Invisible E-Waste
Visible e-waste is easily managed because it’s the items you see on desks or in employees’ hands. They’re the devices being used each day. Invisible e-waste is technology that’s no longer used, a forgotten part of your IT Asset Management plan. They usually include:
Decommissioned peripherals – Items like copiers, printers, and scanners
Ghost servers – Units disconnected from applications but never removed from racks
Internet of Things and Edge Hardware – Items like badge readers, smart security cameras, smart speakers, and smart thermostats
Shadow inventory – Items like old hard drives that were removed from old computers or laptops and never wiped or smartphones and tablets that employees never returned
Real-Life Situations Where Unused Electronics Became a Costly Lesson
Old electronics come with risks, and those risks must be carefully managed. If you don’t use caution when disposing of them, you not only subject your company to massive fines but also damage your reputation through media coverage and class-action lawsuits.
Morgan Stanley – The Importance of Knowing Downstream Vendors
Morgan Stanley was fined $60 million for failing to correctly decommission a data center. The company hired a third-party vendor to wipe data and remove old servers, but failures in inventorying and tracking led to the servers being sold with unencrypted customer data still present.
The company’s mistake was failing to carefully select a certified ITAD partner to conduct a thorough audit before recycling. The money they may have saved with a third-party vendor ended up costing them dearly.
HealthReach Community Health Centers – Storage Facilities Aren’t the Solution
For a small Maine health practice, storing old hard drives at a storage facility proved a poor decision. When the data storage facility disposed of the hard drives, patient data wasn’t destroyed, violating HIPAA regulations.
Protected health information (PHI) for almost 117,000 patients was on those hard drives. The company had to provide a year of free identity theft protection to affected patients. They also had to pay for a $1 million insurance reimbursement policy.
Wignalls Wines – Even Batteries Should Be Carefully Stored
Data breaches aren’t the only threat you face when putting electronic devices in storage. Think about the devices sitting in your storeroom or IT closet. How many of them have rechargeable lithium-ion batteries?
An Australian winemaker’s warehouse was destroyed when a lithium-ion battery in a rechargeable screwdriver caused a massive fire. The winery’s tools, machines, and some wines were total losses.
Storing rechargeable batteries and devices in fireproof boxes is recommended. Recycling unused rechargeable devices is essential.
The Risks of Invisible E-Waste
There are four important reasons to ensure that you recycle tech as soon as it’s no longer needed.
Data Security:
Data security is important. Not only are you responsible for complying with state and federal privacy laws, but you also risk damaging your company’s reputation among your clients, customers, employees, and shareholders. Any data on old devices that ends up in the wrong hands is both financially and reputationally costly.
Laws and Regulations:
The EPA’s Resource Conservation and Recovery Act (RCRA) and state laws set the rules for how electronics are handled across the nation. If an electronic that was registered to your company is found in a landfill, you’re responsible. It doesn’t matter whether you gave it to an employee or chose a cheap vendor to recycle it for you; you’re responsible for ensuring that data is destroyed before recycling or refurbishing.
Environmental, Social, and Governance (ESG) and Your Investors:
ESG metrics are becoming a key way for companies to measure their progress on environmental and societal impact. A company that cannot account for its legacy technology is viewed as a high-risk investment. If you support a circular economy and ensure data security throughout the recycling process, you’re at an advantage.
Physical Safety:
It’s not just your building and possessions at risk if an unused lithium-ion battery starts a fire. Your workers, residents, employees of nearby buildings, and firefighters are all at risk. Their safety must be a priority.
Five Steps Help You Audit Invisible E-Waste
While it’s clear why invisible e-waste is damaging, how do you best manage it?
#1 – Perform a Physical Inspection
Set aside a day or two, maybe a weekend, and get your IT team to perform a complete inspection of everything in the IT closet, storeroom, or storage locker.
Compare the items inspected to a list of assets that were listed as in that closet. Make sure the inventory sheet matches what you find. Items that aren’t in use are marked as invisible electronics on your IT Asset Management List.
You should also go through and double-check that the electronics your employees use each day are accounted for. They’re your visible electronics and need to be inventoried, too.
#2 – Run a Network Ping
Utilize network discovery tools to identify all MAC addresses that are being used on your network. Does it match your IT Asset Management spreadsheet? If you have devices that are connected but not on your list, find them.
#3 – Categorize Data Storage
When you find items and add them to your list, check its storage device. Does it use an SSD, flash drive, or hard drive? Do you know what data is on it?
#4 – Value the Risk
Now that you know which devices can store data, make sure you know the state of the data. Have the devices been factory reset? Has a data wipe been completed using software like Darik’s Boot and Nuke (DBAN)? If you’re uncertain, that device needs to be marked as high risk.
#5 – Establish New IT Policies
You’ve found where assets aren’t being properly managed. It’s a good time to establish new policies for your team to follow. As soon as a device is removed from a rack or turned in by an employee for damage or replacement, it needs to go through a “Secure Chain of Custody.”
Have an ITAD partner who will pick up the items, securely transport them to a facility for processing, and provide proof that you ensured the old electronics were properly recycled, with data destruction included as part of the process.
Why Choose ERI for Asset Management and Recycling
Managing the sheer volume of enterprise e-waste is not easily done by an IT team.. To achieve true “Zero-Risk” disposal, you need an ITAD partner whose security standards exceed your company’s. ERI is the largest fully integrated ITAD provider in the United States. Our processes and facilities are built specifically to handle the complexities of enterprise-level e-waste processing.
Every item we process, whether it’s on-site at your business or in our secure facility, receives a Certificate of Destruction, providing proof that the data was destroyed. You have proof that your old electronics were recycled in accordance with federal and state laws.
Regardless of whether you ship your electronics to our nearest facility or have us pick them up, secure transportation is guaranteed. You can access our proprietary tracking system to see in real time where your electronics are, what stage of the recycling process is taking place, and when the work is complete.
ERI holds several certifications but a handful stand out as the nation’s most valuable credentials for an ITAD and e-waste recycler and how they fit into your company’s ESG criteria.
- e-Stewards – Environmental
- R2v3 – Environmental
- ISO 9001, 14001, and 45001 – Environmental, quality, and worker safety
- SOC 2 Type II – Data security and privacy
ERI is a leader in the circular economy. We extract as many precious metals and raw materials as we can from your old tech. This ensures that the old components from your storeroom or IT closet turn into materials used to make new tech.
Schedule a professional liability audit of your enterprise’s e-waste today. We help you ensure compliance, while supporting the circular economy
The post From IT Closet to Liability: Auditing “Invisible” E-Waste in Enterprises appeared first on ERI.
