Data Privacy Day, held January 28, is an annual event to raise awareness and promote privacy and data protection best practices. We want to use this day as a great reminder of the importance of global privacy and security. Privacy issues can be detrimental to a business and IT asset disposition (ITAD) companies are vital in the process of protecting data.
According to a Spiceworks 2021 State of IT report, 33 percent of businesses plan to improve their security, risk and governance in the next year. Data security is an important consideration during all stages of the IT lifecycle. Even when devices no longer function, security protocols must be in place for disposal and reports show it pays to invest in strict privacy programs and security protocols.
Prioritize Privacy and Security
Those who prioritize privacy are realizing the benefits.
- 40 percent of those who invested in privacy programs, are seeing a return at least twice that of their privacy spend.
- 84 percent of customers are more loyal to companies with strong security controls.
- 48 percent of customers have stopped buying from a company/using a service due to privacy concerns.
- 75 percent of customers strongly associate privacy with trust.
When it comes to the security of IT assets, often managing their retirement is the weakest point in the organization’s data security strategy. Many IT security strategies focus more on deployment and replacement of assets than their disposition, allowing for major gaps in security which can occur due to:
Inadequate data erasure – Unsuccessful data destruction can make previously stored data retrievable.
Mismanagement of assets – There have been circumstances where disposition partners have violated their contract and resold devices instead of shredding them.
Poor asset tracking – You cannot be confident that data destruction has been performed successfully, if assets are not tracked and recorded properly. Your ITAD vendor should be able to locate assets throughout the disposition process and verify methods of data destruction. This is usually made visible using an online ITAD portal.
When managing the reuse and recycling of IT hardware, ensure your ITAD vendor can perform data destruction in compliance with NIST 800-88 r1 standards, as well as other equivalent local standards. These include HMG IA Standard No. 5 in the United Kingdom and DIN-63699 in Germany. The method used will depend on asset type and whether or not the drive is going to be reused.
There are three main types of data destruction services:
- Data wiping (allows for secure reuse)
- Degaussing and crushing (effective for small quantities)
- Hard drive shredding (best for high-volumes)
Data erasure is performed when assets with magnetic and solid-state drives are destined for reuse in compliance with NIST “clear” standards. After wiped drives they are 100 percent data safe and can be reused or resold in order to maximize value return.
*Ask your ITAD provider for certificates of data destruction or certificates of responsible recycling, when relevant.
Understand Global Data Privacy Laws
66 percent of countries have existing legislation to secure the protection of data and privacy and there is growing interest in doing so around the world. The EU General Data Protection Regulation (GDPR) is a major legislation acknowledged globally and Brazil, Canada, China and New Zealand are all introducing similar legislations. All aim to protect consumers’ right to privacy.
Additionally, with Brexit the UK created their own version of the GDPR known as the UK GDPR. This new UK GDPR is still based on the same criteria of the Data Protection Act of 2018, however the UK will have the ability to make their own changes as they see fit in the future.
In the United States, there is data privacy legislation that includes the COVID-19 Consumers Data Privacy Act of 2020, the Public Health Emergency Privacy Act, and the California Consumer Privacy Act (CCPA). With California paving the way, there are around 30 states working on their own version of the CCPA legislation.
If you are managing your company’s IT asset disposition globally, you should contact your ITAD vendor to ensure they are ready for Brexit in addition to staying on top of changing regulations and legislations.
Here is a list of some ITAD regulations affecting global IT asset disposition today.
Be Diligent in Selecting the Right ITAD Company
Selecting the right company to manage these services is important. Gartner recently released a 2020 “Market Guide for IT Asset Disposition”. The Market Guide includes market recommendations for contracting global ITAD services and is designed to help IT leaders identify the right ITAD processes and vendors for their requirements.