IT Asset Disposition (ITAD) and Data Destruction is serious business and improperly handling and disposing of old IT assets create unnecessary risk for businesses and organizations.
Here are 5 things Canadian IT professionals need to know about security and electronics recycling.
1. You Have Legal Obligations Whether You Know It or Not
PIPEDA. PHIPA. PIPA. Maybe you haven’t heard of these acronyms, but your lawyers have. Ignorance of the law doesn’t exclude you from it’s reach. In fact, not knowing is non-compliance alone, but we’ll leave that point for another day.
Privacy legislation in Canada and Ontario has been around for many years and all of it contains provisions and requirements for the disposal of private information, including information stored in IT assets.
Are you confident your current data-deletion regime will guarantee your legal compliance?
2. Delete ≠ Destroy
Speaking of data-deletion, most people we speak with assume that to delete something is to get rid of it forever. However, this simply is not true when it comes to sensitive data on hard drives.
In the world of information security deleting something means to hide it from view, but make no mistake that data continues to live on and can be easily recovered with some basic data recovery software.
Trust us when we say that data destruction is not the area to cut corners on. A mistake here can cost your business more than a few dollars and can seriously harm its reputation as safe and secure.
3. Work with Experts
It’s common to hear from companies we speak with that they prefer to have their data destruction needs dealt with in house, because on first glance it appears to be more cost effective and more secure. We have rarely found either of these points to be true.
If you have a dedicated body looking after this process in-house that’s going to be a salaried position with benefits. We can guarantee that working with a reputable data destruction company will be far more cost effective.
The more likely scenario, however, is that this in-house person will have data destruction as a small part of their overall responsibilities - if at all. It’s unlikely they will be an expert in data destruction and IT Asset Disposition.
Wouldn’t you rather work with a team that lives, eats and breathes secure data destruction?
4. Chain-of-Custody & Certificate of Destruction
Like with all big decisions it’s important you do your homework before choosing a data destruction team to work with.
The company you work with should have a secure chain-of-custody that they can share with you when the process has been completed. You should be able to see exactly the path your products took and who was handling them at any given point. They should also be able to provide you with a certificate of destruction once the data has been wiped.
If a secure chain-of-custody and a certificate of destruction aren’t part of their equation they shouldn’t be part of yours.
The final step is to arm yourself with knowledge of the certifications that exist in the Data Destruction and ITAD industry, so you and your colleagues know what to look for when choosing a team to work with.
Some of the major certifications to look for are:
- Canadian Personal Information Protection and Electronic Document Act (PIPEDA) U.S.
- Department of Defense (DoD) Standard 522.22M (Data Sanitization)
- National Association of Information Destruction (NAID Certification)
- Electronics Recycling Standards (RQO)
- R2:2013 SERI Certification
You can rest assured that any team that has put in the effort to achieve these certifications has the systems and insurance in place to complete the work securely and professionally.
We know that data destruction and e-waste recycling can seem complicated. However, we are on a mission to bring clarity to this industry and provide answers that will help you make the best decisions when it comes to the safety and security of your business.
If you have questions about anything we mentioned above or anything else to do with this industry please comment on this post or get in touch at firstname.lastname@example.org - we’d love to hear from you!