DMD News

ITAD: What Happens When Safety Is Ignored?

Written by Katherine Vines | Oct 6, 2021 3:52:31 PM

          As a functioning member of the 21st century, technology surrounds us. Deleting files, emails, and apps are as easy as, if not easier than throwing away important documents. Except, you wouldn’t throw away a bank statement with your account and routing number. What about a photocopy of your social security card? Of course not! You would shred every last paper and white out every last number. Why not take the same precautions with our digital footprint? We forget just how vast the digital space really is. We forget that hundreds of online shops have our credit card number. That our rotation of favorite passwords are used on hundreds of websites. That every credit and background check have a physical home, stored on mobile phones, on hard drives of computers, or in data centers. This is something we should take more seriously, yet we assume that the companies that store this information will dispose of it properly, with the same level of security as if it was their personal information.

          ITAD, or IT Asset Disposition, is the repurposing of unnecessary or outdated electronic devices in a secure and environmentally safe way. By contracting a non-ITAD company to perform ITAD services, the risk of compromising secure data destruction and jeopardizing your environmental goals increases. You can equate this to getting your hair cut. Would you rather have a professional stylist who has up to date licenses and a positive reputation or your neighbor who just bought clippers online last week? You probably already have an answer in mind, but would it make a difference if I said that one costs $100 and the other costs $10? Is saving $90 worth the potential (and likely) botched haircut that you now must go into the world with? Your reputation matters, just like how your company’s reputation matters. Cutting corners and crossing your fingers that things will go well is never a smart idea.

          Like a hair stylist that maintains proper certifications and licensing, an ITAD provider will maintain certifications in areas like secure data destruction (NAID AAA), responsible recycling (R2), and proper documentation (IOS). While these are only certifications, it shows a dedication to proper ITAD procedures. If a broker claims to provide ITAD services, and they don’t have any certifications surrounding proper data destruction, disposal, and documentation, this should be a major red flag. Remember, ITAD services must be performed in a secure and environmentally safe way.

          Morgan Stanley has been in the news lately for negligence of data security. To save $100,000 (or roughly 0.0017% of its annual revenue), Morgan Stanley contracted with an uncertified vendor to perform ITAD services for two data centers according to EScrap News. This vendor, then sold the devices (with the data) to a secondary vendor, who then sold some of the devices to a third vendor. You can see where this pattern is going. By the time these devices were sold for use, they still contained customer data.

          When Morgan Stanley conducted an internal investigation, they concluded that no evidence of data misuse occurred. Despite this claim, seven class-action lawsuits were filed against Morgan Stanley for loss of personal information, which are still ongoing. In 2020, The US Treasury Department fined Morgan Stanley $60 million for data mismanagement. This case has been active for five years and could have been prevented if a qualified ITAD company was hired.

          Securing company and customer data is crucial in progressing an asset to its next life. However, for those assets not fully repurposed we must ensure environmentally safe disposal. We forget that our phones, laptops, smart watches, desktops, and almost every other IT asset has components which are potentially hazardous and many are prohibited from being disposed of in regular curbside garbage. Lithium-Ion batteries, while allowing devices to be recharged, can cause deadly fires that cannot be extinguished with water.

          On June 29, 2021, an old paper mill located outside of Chicago housed an estimated 100 tons of lithium-ion batteries caught on fire. According to the Environmental Protection Agency, the fire burned for two days and caused a mandated evacuation of 1,000 housing in the surrounding area for four days. The first attempt to extinguish the fire used a chemical fire suppressant called Purple K. This was unsuccessful. With limited options available, the EPA and the local fire department pored cement over the 30-foot by 40-foot area. Even with the fire put out, monitoring of air quality and searching for more lithium-ion batteries occurred for the next week.

          NBC Chicago reported that the EPA will take legal action against the Superior Battery Inc, the company responsible for the improper and reckless disposal of lithium-ion batteries. The EPA reported that the fire, “has caused, threatened, or allowed the discharging of contaminants into the air and water, and the disposed or abandoned waste at an unregulated facility. This investigation is currently underway.

          I think we have all seen that one poster hung up in our high-school History class that said a variation of “act as if your actions make a difference, because they do.” As absolutely cheesy as phrases like these are, they carry some truth to them. Our actions, or inactions, make a difference in the way the companies we run operate. We get swept up in the 9 to 5 mindset, that what we do at work doesn’t really matter when we clock out at the end of the day.

          We have to remember that someone made the decision to contract with unqualified ITAD providers or to dispose of deadly lithium-ion batteries in an abandoned building. But we shouldn’t forget that a boardroom full of people did not prevent this decision from being made final. Act as if your personal information and your family’s safety is at stake.

          Want to discuss how ITAD services could benefit your company? Email DMD at Info@dmdsystems.com to schedule a meeting or get a quick response to a burning question. One email could save your company five years of legal battles and $60 Million in fines.