The Risk Of E-Waste At Your Company

Most security practitioners are not aware of a very real threat to their company’s image and reputation posed by E-waste. I was involved, as a consultant, in the physical security portion of a lengthy review concerning E-waste which poses serious and...


Finding a responsible e-waste disposal provider - a task that is often overwhelming. A first-rate recycler will meet or exceed EPA disposal regulations and guarantee that it will remove all confidential information stored on a computer. Recyclers should also return value.

The best way to determine if a recycler is responsible is to ensure it is certified. The EPA’s Responsible Recycling Practices certification program (R2) offers one such third-party certification. The EPA developed and endorsed the standard in partnership with the Institute of Scrap Recycling Industries (ISRI), recyclers, equipment manufacturers, state and local governments, and public interest groups. In 2009 the American National Standards Institute-American Society of Quality National Accreditation Board (ANAB) announced that it would endorse organizations to certify recyclers under the R2 standards. Third-party certification bodies conduct audits and certify recyclers that meet the R2 requirements.19

Companies should carefully evaluate and compare recycling options, but the R2 certification offer a good starting point.

In addition to certification, I recommend evaluating e-waste handlers using the following checklist:

  • Provides logistics support, insurance, and favorable rates
  • Takes ownership of used assets
  • Meets or exceeds environmental standards set by the EPA and guarantees a zero landfill policy
  • Employs International Association of Electronics Recyclers (IAER) or Institute of Scrap Recycling Industries (ISRI)-certified recycling process
  • Audits downstream partners
  • Ensures toxics in e-waste never go to the developing world
  • Removes asset tags and customer asset labels from equipment
  • Provides audit and tracking details on returned assets 
  • Puts assets to their highest and best use
  • Sanitizes electronics using Department of Defense- compliant and Health Insurance Portability and Accountability Act or HIPAA-compliant data procedures

In conclusion the environmental and data security risks facing organizations that handle used electronics are significant and must be managed. Increasing NGO, media, and regulatory scrutiny of take back practices heighten the public relations risk and legal liabilities for improper disposal. By employing best practices and utilizing a responsible e-waste recycler, companies can minimize risk and cost and maximize value from their used electronics.

Chris Hills CPP, CRMP

Chris@securityinterviews.com

.......................................................................................................................

4 Esty Environmental Partners. “Environmental Imperative of Responsible E-waste Disposal: Science, Impacts, and Savings.” 2008. http://www.estyep.com/documents/EstyTechTurnE-wasteWhitePaperFINAL_000.pdf.
5 Government Accountability Office. “Electronic Waste: EPA Needs to Better Control Harmful U.S. Exports Through Stronger Enforcement and More Comprehensive Regulation.” August 2008. GAO-08-1044.
http://www.gao.gov/new.items/d081044.pdf.
6 AFP. “‘Catastrophic’ e-waste fuels global toxic dump.” November 13, 2009.
http://www.google.com/hostednews/afp/article/ALeqM5gYUlBYRTFfxF-TdqWYp83fYd8lPw
7 Esty Environmental Partners. “Environmental Imperative of Responsible E-waste Disposal: Science, Impacts, and Savings.”
8 Tom Zeller. New York Times, Green Inc. Column. “Few Rules for Recycling Electronics.” May 31, 2009.
http://www.nytimes.com/2009/06/01/business/energy-environment/01iht-green01.html.
9 Government Accountability Office. “Electronic Waste: EPA Needs to Better Control Harmful U.S. Exports Through Stronger Enforcement and More Comprehensive Regulation.”
10 60 Minutes. “Following the Trail of Toxic E-Waste.”
11 Oladele Ogunseitan et al. Science. “The Electronics Revolution: From E-Wonderland to E-Wasteland.” October 2009.
12 Environmental Leader. “EPA Toughens Transboundary Hazardous Waste Shipment Regs.” December 29, 2009.
http://www.environmentalleader.com/2009/12/29/epa-toughens-transboundary-hazardous-waste-shipment-regs/.
13 U.S. Environmental Protection Agency. “EPA Fines Monterey Park Firm for Defying Order on Electronic Waste.” January 20, 2010.
http://yosemite.epa.gov/opa/admpress.nsf/0/af35e11510bad918852576b1006506c0?OpenDocument.
14 Tom Spring. PCWorld. “Hard Drives Exposed.” April 3, 2003.
http://www.pcworld.com/article/110012/hard_drives_exposed.html.
15 Petti Fong. Toronto Star. “Secret U.S. Data Found on Cast-off Hard Drive.” June 23, 2009.
16 Pete Warren. Guardian. “Anti-missile defence details found on secondhand computer.” May 7, 2009.
http://www.guardian.co.uk/technology/2009/may/06/data-loss-lockheed-missile-defence
.
17Alcides Segui. Fox News, Tampa Bay. “Child Finds Porn on PSP.” April 13, 2009.