As technology becomes increasingly sophisticated, our government has created regulations that are demanding companies to step up their IT asset disposal efforts. Because, unfortunately, data breaches have become way too common… and already happening in 2023 - and its only January!
IT Asset Disposition (ITAD) regulations and mandatory industry certifications aim to ensure that consumer data stays safe and secure. No matter what industry you operate in, you must be aware of all relevant regulations that apply to them.
Starting with GDPR (General Data Protection Regulation) in May of 2018, the E.U. led the charge to control the unregulated data market. But remember, prior to GDPR, there was no guidance on what companies could or couldn’t do with consumer data. Even though the United States is still behind in creating an all-encompassing legal framework that protects consumer data… we have implemented some data privacy laws (by state): The California Consumer Privacy Act (CCPA), The California Privacy Rights Act (CPRA), The Virginia Consumer Data Protection Act (VCDPA), and The Colorado Privacy Act (CPA).
There isn’t an Act or law that incentivizes companies to maintain good ITAD policies, but these laws do highlight the need for organizations to build a comprehensive ITAD policy to reduce the risk of data breaches and make an effort to reduce mishandling of consumer data.
Every year, millions of tons of outdated equipment are discarded. The United States alone produces 40% of global e-waste (that was 98 million tons in 2022)! If not handled correctly, your retired electronics could end up being a security Achilles heel – causing damage to your company’s reputation and brand.
Considering that the average cost of a domestic data breach is now $9.94 million, it's important that the information stored on these retired electronics is secure throughout the decommissioning process. Here's a look at how our ITAD program helps our clients defend against data security risks and logistical complexities in your IT asset lifecycle.
Detailed Chain of Custody
As devices are pulled out of service and put into the asset disposition process, the first step in protecting the data on those devices is to keep track of where they are and who has access to them. From carefully packaging to shipping with vetted freight carriers, having a detailed chain of custody—from when devices leave the customer to the end of disposition—can help eliminate insecure variables.
We provide clients with real-time reporting and project visibility with Apto Pulse, our client portal. Clients can view inventory and active jobs in progress along with certification certificates and asset recovery sales history. Last year we enhanced Pulse’s reporting capabilities adding the Environmental Impact Reporting Tool to meet the industry's evolving needs to meet corporate Environmental, Social & Governance regulations (ESG).
Facility Security
A tightly controlled environment is a crucial aspect of any ITAD facility. All three of Apto’s facilities are equipped with surveillance with cameras, metal detectors, and an on-premises security team to discourage theft.
Our team members are issued a keycard with privileged access to certain areas of the facility based on their specific job responsibilities. Clients, guests, and other visitors like delivery drivers, and third-party vendors, are required to sign-in at the front office, wear a temporary identification badge, and tour the facility with an assigned escort.
Data Security
An iron-clad data wipe that renders data virtually unrecoverable is the only way to keep sensitive data safe. This is especially true for our clients with assets that still have market value or hard drives that they plan to redeploy.
Apto provides secure data erasure and hard drive destruction services either onsite at a customer’s location, or after transport, at one of our facilities. In accordance to the industry’s most stringent security standards, we use NAID AAA certified software driven erasure and shredding options that comply with NIST 800-88 guidelines.
A device that has been erased to NIST 800-88 guidelines has no usable residual data. Even with the assistance of advanced forensic tools, the data can never be recovered. This allows our customers to hold us accountable as we can also provide a record of their wiped devices. And through Apto Pulse, they can instantly download certificates of data destruction and certificates of recycling by the job, by date range, or individual asset.
Reach out to learn more about security and sustainability in ITAD. Our team of experienced ITAD specialist can work with you to create a customized disposition program to fit your organization’s needs.