Ecolabels and data sanitisation key to recycling and reusing IT assets

by Joseph K. Clark

Electronic waste, or e-waste, is a growing and global issue. In January 2019, the World Economic Forum (WEF) and the United Nations E-waste Coalition found that approximately 50 million tonnes are produced each year – most of which are either incinerated or dumped in the landfills of the world’s poorest countries. Since the start of the Covid-19 pandemic and the consequent shift to home working, much of the tech people used in their day-to-day work lives – desktop PCs, network equipment, on-premise servers, and so on – has been left behind in offices, all while enterprises have had to equip their employees with replacement hardware so they can continue working remotely.

The need to provide remote workers with replacement technology caused a massive spike in demand for equipment, according to Fredrik Forslund, director of the International Data Sanitisation Consortium (IDSC). This firm seeks to educate organizations and standards bodies about the permanent eradication of data. “All second-hand gear sold out, the whole industry globally saw every inventory selling out, and the demand was sky high and could not be met by the second-hand market or the first-hand market. The demand spike was enormous,” he says, adding that the flood of replacement hardware means “an enormous amount of infrastructure” will need to be recycled or reused.

To find out how enterprises can deal with the e-waste problem – which was already significant before the pandemic prompted a huge procurement push for replacement hardware – Forslund and Rohini Khanduri, a director at IT Asset Disposition (ITAD) firm Ingram Micro, spoke to Computer Weekly about how organizations can approach dealing with their equipment sustainably.

IT assets

Data sanitization and ecolabels

When equipment reaches the end of its usefulness, organizations essentially have three options – destroy, recycle, or reuse.   In terms of the difference between the latter two, Khanduri says. However, both serve the same goal of getting the equipment back into the market; reuse is about deploying the same device, while recycling is about breaking it down to its raw materials to be redirected back into the manufacturing cycle.

“It’s about getting it back into the ecosystem and avoiding landfill as much as possible, which affects the environment,” she says. Forslund, vice president of enterprise cloud and datacentre erasure solutions at data erasure services firm Blancco, adds: “The computer manufacturing process eats up approximately 80% of all energy and resources consumed through the entire life cycle of a computer.” This means to reuse, in particular, is vital to reducing the industry’s emissions and consuming limited natural resources such as lithium or cobalt – critical components in everyday electronic products such as phones and laptops.

However, to safely redeploy equipment, enterprises must ensure that all data held on the device is irrevocably wiped. “You have to have your data wiped 100%, and be able to prove it with audit trails on exactly who wiped it, when you wiped it, and what happened,” says Khanduri, adding that once wiped, the equipment can get back into the secondary market without the risk of sensitive personal information being carried over and still accessible to the new user. “If there’s no wipe solution, we take it to the next level… [and] send it for physical destruction, but our first goal is always to wipe.” It’s about getting it back into the ecosystem and avoiding landfills as much as possible, which is what affects the environment

Rohini Khanduri, Ingram Micro

Forslund adds that while specific IT assets may require different data sanitization processes, the overall task remains unchanged: erase, report, and audit. “If you take one of those things away, the whole chain of custody and the chain of trust falls,” he says, essentially meaning that the device cannot be safely reused or recycled if there is a risk that the data can still be accessed. Forslund and Khanduri recommend that to have confidence in these processes, enterprises must perform their due diligence on whichever ITAD firms they use to ensure secure methods are followed and adequately documented.

For Forslund, auditing the data sanitization process can also help to avoid privacy breaches, as “a lot of people and hands are involved” when dealing with end-of-life equipment, “and we see that whenever there is a breach, it’s very much been because of poor physical control”. He adds that if organizations do not have an audit trail built-in and data leaks due to the device’s redeployment, “you have a huge potential loss of goodwill, as well as financial penalties if it’s breaching privacy legislation”.

However, for recycling specifically, organizations need to know what materials are in the device to be approached safely. Many rare earth metals used in electronics can produce toxic waste if not incorrectly handled solution on the rise is “ecolabels,” which, similar to how ingredients are listed on food packaging, lets enterprises know precisely what materials their equipment contains. “We know exactly what’s inside of food because that has been in demand in the market for a long time,” says Forslund.

Related Posts