In most offices, there’s always a printer, computer, or other device that’s on its last legs and needs to be replaced. And, if pressed, you could probably put your hands on an old phone or broken fax machine, taking up space in storage. Secure office electronics disposal needs to be an ongoing strategy to protect your business from suffering the consequences of a data breach. You’re vulnerable to security issues every time you get rid of an old laptop or broken printer.
Your organization’s old electronics might not have value for you, but they could be valuable to opportunistic data thieves. Disposing of office electronics the wrong way could come back to haunt you. Shredding is the only way to know that your sensitive information is safe.
Secure Office Electronics Disposal: What’s Really at Stake?
What’s the worst that could happen if someone from your team decided to get rid of a broken company laptop by throwing it away in a dumpster? Maybe it’s an old computer that’s dead, and no one knows where the charging cord went. Buried deep in the dumpster, it might be safe from discovery. Eventually, it’ll end up in a landfill somewhere. It could sit undisturbed in the landfill for years, leaching heavy metals into the environment and potentially polluting the local soil and water.
Or, someone who scours landfills for valuable materials could find it and sell it to someone who knows how to bring that dead laptop back to life. And since it was dead before you got rid of it… who knows what kinds of private data are still on that hard drive? It’s an unlikely scenario, but not impossible. Throwing electronics away like regular trash means you’ll never really know if they’re trashed or salvaged.
Beyond data breach prevention, there’s compliance to consider. Secure data disposal is mandated by HIPAA, FACTA, NIST (the National Institute of Standards and Technology), and other regulatory agencies. Businesses that do any work with healthcare data, government data, financial data, and other sensitive information may be covered by one or more of those regulations. They all use different verbiage, but require permanent methods to destroy certain sensitive electronic information, e.g., shredding or incineration. Overwriting or wiping a device’s data isn’t sufficient for compliance if the device stores sensitive data.
Best Practices for Secure Office Electronics Disposal
- Shred any electronics that can retain information. That includes many common pieces of office equipment: laptops, phones, external hard drives, printers, scanners, old fax machines, etc. Any device that could potentially hold records of information relating to your business, employees, and/or customers should be shredded. This includes any “smart” devices. Certain electronics may be safe to recycle or donate because they can’t hold sensitive data, like obsolete computer monitors and non-“smart” keyboards. But don’t worry about making the distinction between what needs to be shredded vs. what needs to be recycled. Your shredding service can work with your organization to ensure that all recyclable components of your electronics are properly disposed of.
- Follow a policy that office electronics must be turned in for professional destruction. In other words, make sure employees know they’re not allowed to take or donate any office electronics, or try to destroy obsolete devices on their own. DIY data destruction methods are on-the-job accidents waiting to happen. Using a blanket policy of “all company devices are to be destroyed by a professional third-party vendor” reduces your data breach liability.
- Have an org chart for managing everything related to disposing of data. Depending on how your organization is set up, it might be wise to establish one administrator or manager as the point person for overseeing secure data disposal. You need to have at least one person in charge of coordinating the collection and disposal of obsolete devices, and a backup plan for who takes charge when that point person isn’t at work. You can’t risk something falling through the cracks (like a departing employee failing to turn in one of their devices) because the person who normally coordinates data disposal is out with the flu, and no one’s covering this role.
- Keep comprehensive records, just in case. Most organizations will never need to show anyone proof that they shred all their electronics and other sensitive data at end-of-life. But it’s a question that could come up in an audit, or if the organization is ever suspected of allowing a data breach. Whoever you have in charge of secure office electronics disposal may create their own record-keeping system to track the destruction of company electronics. They should also collect Certificates of Destruction from your shredding service every time a load of materials is shredded. This paperwork should include serial numbers of any hard drives and other storage devices you have shredded.
Does Your Business Need Data Destruction Services in Massachusetts?
Northeast Data Destruction handles secure office electronics disposal for businesses of all kinds. Our facility is NAID AAA Certified, which tells you that we meet (and exceed!) the most rigorous industry security standards. Our industrial shredders can permanently destroy your hard drives and other electronics in just seconds. Contact me today!