Computer Recycling: Keep Yourself Safe from Legal and Privacy Issues
It's time to dispose of those old computers, but who should you trust to safely recycle your equipment? Regardless of whether you're a business or an individual, understanding the implications of computer recycling is essential for keeping yourself safe from any potential legal and privacy issues. This article will focus on outlining the risks associated with computer recycling and provide useful advice for how to avoid these risks.
The Benefits of Computer Recycling
Computer recycling is the process of breaking down old and outdated computers, laptops, and other electronic devices in order to reuse and recycle the materials contained within them. It’s an important part of preserving the environment and reducing waste. By repurposing and reusing materials, computer recycling helps to conserve resources while keeping technology out of landfills.
Furthermore, not all computers need to be recycled immediately. If your IT equipment isn't considered obsolete, many electronics recycling companies are able to donate, reuse or resell the equipment -- giving the devices a new life. Under the right circumstances, some of these companies will even let you share in the profits.
However, while it's always good to reuse or recycle, the industry has a dark side.
The Dark Side of the Recycling Industry
Electronics recycling is a very competitive industry with razor-thin margins. It's often assumed that recyclers make money off of extracting precious metals like gold, silver, and platinum. However, the small amount of money made from metals doesn't begin to cover the labor involved in extracting those materials, along with processing the equipment and removing data. That means that most of the money earned by recyclers is from fees, and by refurbishing and reselling equipment.
The problem is that most electronic waste is just that -- waste. PCs over five years old are nearly impossible to resell at a profit. What's more, many consumers, and even businesses, are under the impression that recycling should be free. The result is that many so-called recycling companies have altered the traditional business model to make more money at your expense.
How an Unscrupulous Recycler Makes Money
Here's how it works: They'll offer you a great deal to wipe your hard drives and recycle your old computers. Once the equipment arrives at their processing center, they pick and choose from the best equipment. The newest equipment will sell easily. Next, they strip down newer, but broken devices and only sell what parts are still functioning properly.
As long as you didn't ask for your equipment not to be resold, everything they've done up until now is fine.
Now ask yourself, what do they do with the computers they can't sell?
What they should be doing is processing the old equipment the same way they did the new equipment: break everything down, and wipe or destroy the client's private data. The problem is that they charged so little for their service that they'd lose money on every piece of equipment. The more they process, the more money they lose.
Instead, it's more cost-effective for these companies to just dump the e-waste they can't make money off of, with the sensitive data still on the hard disks. They may dump it off on another company that will try to sell anything left of value (the remains get dumped again). They may dump it overseas to a developing country where child labor extracts precious and toxic metals and other materials. Or they may dump it... in a local dump.
How Bad Recyclers Can Hurt You
Why should you care about what happens to your computers? After all, you can't be responsible for what they do. Unfortunately, improperly recycled computers can come back to haunt you. While there are serious environmental concerns, it's exposed data that often gets a business in trouble. The importance of proper data removal when disposing of old devices cannot be overstated. It's common for businesses to end up in the news because the personally identifiable information (PII) on their hard drives gets exposed.
How big is the problem? The National Association for Information Destruction (NAID) conducted a study showing that 40% of electronic devices resold in the secondhand market contain sensitive PII.
For example, HealthReach Community Health Centers had to notify 101,395 Maine residents of a massive potential data breach due to hard drives that were not disposed of properly.
This can result in large fines. According to the HIPAA Journal, incidents of improper disposal of electronics in just the healthcare industry were reported 16 times in 2020, with close to 600,000 records potentially exposed in these incidents. Companies paid more than $13.5 million in fines during 2020, alone.
One of the largest fines was recently settled against Morgan Stanley Smith Barney (MSSB). They hired a non-certified electronics recycling company that sold thousands of MSSB devices, including servers and hard drives, to a third party, some of which contained customers’ PII. This resulted in a serious breach of privacy for some 15 million individuals and a settlement with the U.S. Securities and Exchange Commission (SEC) for $35 million. Taking into account previous fines and settlements, so far, MSSB's computer equipment disposition mistakes have cost the banking giant over $163 million.
How to Protect Yourself from a Computer Recycling Failure
When it comes to recycling computers, data removal is one of the most important steps. It's not enough to reformat the hard drive or delete files; there are plenty of methods that hackers can use to gain access to your data. You may have heard that resetting Windows 10 or 11 with the "remove everything" option enabled would get rid of all data, but even free file recovery software can bring the data back. Data removal should adhere to US Department of Defense (DoD) and National Institute of Standards and Technology (NIST) standards.
There is software that can do an adequate data wipe for you, but a one terabyte hard drive can take 24 hours or more to properly remove the data, and that's assuming your old computer still works. Destroying the hard drive is also an option, but most people discover that going all "Office Space" on your equipment loses its charm after the first drive or two.
The bottom line is that unless you're trying to wipe no more than a couple of hard disks, it's better to pay a little extra and have the recycling company do the work for you. However, after reading all the nightmare stories above, you're probably wondering if you can even trust the recycling company to do what they say they will. The secret to recycling success is certification.
Is the Electronics Recycler Certified?
Electronics recycling certification is a way for companies to demonstrate their commitment to environmentally responsible practices and data security. Companies that are certified by e-Stewards or R2, two of the leading electronics recycling certifications, must meet strict standards for reuse and recycling of electronic products. NAID AAA Certification is considered the premier standard for electronics recycling and secure data destruction. NAID certification is typically a requirement for companies in industries like finance, banking, insurance and healthcare. All three certifications require regular audits and training programs.
Certification programs require that recyclers properly account for the disposition of the computers in their possession, regardless of a computer's age or working status. As of this writing, we are not aware of any certified recycler being accused of putting unprocessed computers on the open market. It's just not worth the risk of losing their certification.
It's important to verify the certifications held by any potential recyclers before working with them. Dishonest recyclers can show a certification badge on their website when they didn't actually qualify for it. Click on the badge or check the certification program's website to see if the recycler is listed.
Other Services to Look For
Ask if the recycler provides a certificate of destruction (it may also be called a certificate of disposal or certificate of recycling). This is a report detailing the services performed and confirms data removal for each piece of hardware, ideally listed by serial number. These reports can be helpful for complying with regulatory requirements. However, because the recycler self-issues their own certificate, it should not be considered proof of proper disposition by itself.
Finally, it's also important for the recycler to take title to your equipment. In other words, your equipment is now owned by the recycler. This adds an extra layer of legal protection. Taking title is a common feature of legit electronics recyclers, but electronics brokers typically do not offer this service.
Taking title to equipment and offering a certificate of disposal are important services, but they need to be offered in addition to the third-party certification discussed above. They don’t provide strong protection to you by themselves.
In conclusion, computer recycling is a great way to reduce waste and make sure your data stays secure. However, it’s important to be aware of the potential legal and privacy issues involved. Do your research before disposing of your IT equipment to ensure that the personal information of your clients and your company remains private, and you’re not in violation of any laws or regulations. Taking the time to properly recycle your computers can give you peace of mind and help protect our environment.
— PC Disposal has been helping companies properly dispose of IT equipment since 1998. As a NAID AAA Certified responsible recycler, we are the first ITAD firm to offer a $1,000,000 service guarantee and secure transport cages for equipment holding sensitive data. Contact us to learn more about our services.