What Is It?
Getting rid of personal computers, servers, and other obsolete orunneeded devices in a secure and environmentally sound manner.Concerns about information-technology asset disposal arebeing driven partly by increased regulationmany states nowbar computer equipment from simply being disposed of in a landfillbecause of concern about toxic components leaching into theenvironment. In addition, both regulation and worries about publicembarrassment are driving companies to guard against thedisclosure of customer data stored on PC or server hard drives.
Dennis Owens, director of environmental services at the MemorialHospital of Rhode Island, says the issue came to a head when thelocal landfills “quite suddenly” stopped accepting computer equipment.As he scrambled to find someone who would take obsoleteequipment off his hands, he says, “We literally had people with pickupscoming to us and saying they would take care of it for us.”
But at the same time, he was reading about computer wastewinding up in Third World countries and contaminating the drinkingwater. The hospital’s information systems department also cameto recognize that the techniques it was using to wipe hard drivesmight not guarantee that the data would be completely removed.So, the hospital now contracts with NextPhase, which takes responsibilityfor remarketing, recycling or disposing of equipmentandcertifying that it is done in a safe and secure way.
“This is what a lot of our customers are asking forprotect mydata and keep my company out of the headlines,” says Chris Adam,director of NextPhase.
What Are My Options?
For most companies, the most efficient way of addressing this issueis to outsource it to a firm offering a package of data sanitization,asset disposal, remarketing and recycling services. Asset disposalspecialists include NextPhase, Intechra, TechTurn, Supreme AssetManagement Recycling and Cascade Asset Management, as well asdivisions of major vendors like IBM, Hewlett-Packard and Dell.
“Unless you’re a large organization and can afford to have adepartment specifically geared up to do this, I’ve been advising clientsto outsource for years,” says Frances O’Brien, a Gartner analyst.
What you want to do internally is look to reduce the amountof computer waste your organization produces, O’Brien says. Forexample, you might want to have employees keep the same monitoreven when replacing their PC. Older PCs can also sometimes beredeployed for less demanding applications, extending their total life.
What About Leasing?
Corporations that lease, rather than purchase, PCs and othercomputer equipment may not have to worry about the disposalaspect per se, but sanitization of computer hard drives usually isnot automatically included in the leasing agreement.
To be really sure you are protecting against the disclosure ofcorporate data, O’Brien recommends hard drives be sanitized toDepartment of Defense standards. The alternative, which is sometimescheaper, is to destroy the hard drive.
Are the Requirements the Same for Everyone?
Not necessarily. Start by taking stock of your organization’s tolerancefor risk, the nature of the devices you will be disposing of andthe type of data stored on them.
Firms in regulated industries, like finance and health care, willwant the greatest assurance that data is properly sanitized. On theother hand, a manufacturer disposing of PCs used for shop-floor controlmay not have to worry about them containing consumer data.
If you want the greatest level of assurance, O’Brien recommendspicking an established vendor with solid financial backing,and conducting your own audits to ensure that the firm is deliveringthe promised levels of service.