GDPR, environmental issues, financial implications and more make it more important than ever to pay attention to your IT hardware’s end of life.
While most companies are still grappling with the ramifications of Europe’s new General Data Protection Regulations (GDPR), Canada has taken another step forward in tightening its rules around data privacy.
As of Nov. 1, 2018, any organization that is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), is required to do the following:
- Any breach of security safeguards involving personal information that poses a real risk to individuals must be reported to the Privacy Commissioner of Canada.
- All affected individuals must be notified of the breach
- The records of the breach must be kept.
The commission of an offense under these new regulations will expose both large and small businesses to prosecution by the Attorney General of Canada and leave a company on the hook for potential fines.
While we often think of privacy breaches as happening in ‘the now’ with current systems in place, companies need to realize they could also be exposed with IT hardware at the end of its life.
In a study released January 2017, the US-based National Association for Information Destruction (NAID) said 40 percent of examined hard drives had personal information retrieved with basic software downloaded from the Internet.
In gathering the data, millions of hard drives and other storage devices that are recycled or resold were inspected.
All it takes is one hard drive or storage device to set off a chain of events that puts people’s information at risk, or worse yet, leaves a company’s valuable confidential information in the wrong hands.
What is the cost to a company if their trade secrets are revealed, or employees lose trust in the organization because their private information was stolen?
In a 2017 Leger survey, commissioned by TechReset, of 301 IT professionals at companies employing 100 or more people and earning at least $10 million in revenue, it was found that only two of 10 companies hired a firm with expertise in handling end of life IT hardware.
These results were extremely low considering the majority of respondents said data security was their primary concern.
The cost of a data breach could be staggering. Not only can companies face fines through the GDPR if European individuals’ data is exposed, but the average cost of a data breach in Canada was nearly $6 million in 2017, according to independent privacy researcher, the Ponemon Institute.
There’s a way to flip that number around.
Certified IT Asset Disposition companies like TechReset are able to expertly sanitize IT hardware that’s at its end of life for one company, but then repurpose it instead of destroying it.
That creates an additional revenue stream for companies, especially with most turning over significant IT hardware every two to five years. Using industry best practices, TechReset repurposes the retired equipment with the bulk of the cash returns going back to the customer.
It’s a proven way to offset the cost of upgrading your equipment and ensure the data is successfully handled – ensuring your company and your employees are protected and ensuring there are no GDPR compliance issues.
It’s not only a fiscally responsible decision, it’s an environmentally friendly one, too.
That equipment – servers, hard drives, switches, copy machines – stay out of the landfill. For many companies, being socially responsible is high on their priority list.
Properly disposing of end-of-life IT assets can take a back seat to other cybersecurity measures. It shouldn’t. Yes, protecting the company’s infrastructure today is important and needs careful attention.
By being informed of the potential returns and the available protection against the ever-tightening privacy regulations, companies can make the right decision with equipment when it reaches the end of life.