Back in 2009, the confidential data of a US government contractor was discovered on a hard drive purchased in Ghana. The data included confidential data and records, like contracts with the DIA, NASA and TSA, as well as personnel files and other sensitive company information. It is unclear how the drive was exported overseas with the data intact and accessible. Regardless, this kind of oversight has very serious repercussions for the company in question, not to mention national security.
Are Foreign Companies Legally Obtaining Used Electronic Equipment?
Though we may not know the particular route this hard drive took to arrive overseas, Ghana is well-known as one of the world’s largest importers of used electronic equipment. E-waste from all over the world is sent to Ghana, sometimes legally, but many times illegally. Any company would face incredible liability if their or their clients’ confidential data was discovered intact overseas. So how do you protect your company?
When Recycling Your Company’s Sensitive Equipment and Data, Pick Your Vendor Carefully
To keep your company safe, exclusively choose a recycling or an IT asset recovery partner who provides certified services. There are a number of certifications to be aware of:
1. Evaluate the Vendor’s Recycling Services
First, evaluate their recycling services. Do they provide R2 or e-Stewards certified recycling? These certified standards hold your recycling or IT asset recovery partner to a high level of accountability, preventing illegal, unethical and unsafe recycling practices.
2. What Kind of Data Destruction Services Do They Provide?
Next, what kind of data destruction services do they provide? Different data destruction techniques can meet different standards. Do their techniques meet DoD or FACTA requirements? Is their data destruction HIPAA and PCI compliant? While you are inquiring about erasure techniques, ask if they are willing to physically destroy your hard drives as well. Though compliant erasure techniques can completely eradicate your data from your drives, you can also request the physical destruction of the drives as well for a last measure of protection.
3. What Kind of Official Documentation Do They Provide to Validate the Security of Your Data?
Finally, what kind of documentation do they provide? Not only does documentation give you a written account of what happened to your IT equipment, it also gives you the records you need to protect your company from future liability if something happens. Written documentation, like certificates of recycling or data destruction, chain of custody logs, or other customized reports, is another level of professional accountability that will protect your company from liability.
Taking Proper Disposal Precautions Leads to Peace of Mind
From recycling certifications, to compliant data destruction, to written documentation, all these levels of oversight gives your recycling or IT asset recovery partner another level of accountability, giving you peace of mind that your IT equipment has been responsibly and securely managed.
Want to ensure your data is properly destroyed prior to being reused or recycled? Learn about our Certified Data Destruction here.