Data is now considered more valuable than oil. Whether a company has highly confidential commercial information or collects and stores identification data, there should be thorough systems and processes in place to minimise the likelihood of privacy and data breaches. While many instances of data and privacy breaches can be the result of cyberattacks, such as the recent Optus data breach, incorrect asset decommissioning, and e-waste processes can also leave a company exposed. This article outlines how responsible asset disposal minimises data privacy, cybersecurity and regulatory risks.
The penalties a company can be subject to if it incorrectly disposes of assets can cost millions of dollars. For example, in the USA, wealth management firm Morgan Stanley Smith Barney (MSSB) recently reached a settlement of a USD35 million penalty with the Securities and Exchange Commission (SEC) after it incorrectly disposed of thousands of hard drives and backup drives containing people’s identification information.
The hard drives were disposed of throughout several data centre decommissioning and moving projects in 2015. While the settlement documents make it clear that the company had an information technology asset disposable (ITAD) program in place, it was “not reasonably designed” and “failed to ensure that a qualified vendor was used for data decommissioning.” The key weakness in MSSB’s case was a lack of accountability and assurance processes to ensure data was securely wiped from devices before they were e-wasted or sold on the secondary market.
In an era where data breaches and access to identifying information are lucrative for cybercriminals, it’s critical that IT leaders and commercial decision-makers ensure they have effective and secure ITAD programs in place. For example, a sustainable leasing arrangement, such as Quadrent’s Green Lease, ensures a company’s devices are e-wasted responsibly while providing a positive social impact. This positive social impact is delivered through securely decommissioning and wiping devices and making these available to kids for use in schools. Quite often, these students may not have had access to a laptop or mobile phone to get the best learning experience possible.
Taking steps to decommission assets securely is an essential component of the asset lifecycle. Not only can it help companies reduce their e-waste by making devices available on the secondary market, but it also ensures that any of the sensitive data that was once stored on the devices is wiped. This ensures an organisation is not exposed to the financial, reputational and regulatory impacts of a privacy breach. Further, with Quadrent’s Green Lease, the leasing process is assured by PwC to provide companies with peace of mind that its leases have an independent verification of ESG compliance.
Quadrent’s Green Lease can play an important part in helping companies redistribute or responsibly dispose of their devices once they have reached the end of their useful life within the organisation. Not only will this reduce the amount of e-waste that companies produce (reducing CO2 emissions), but with our initiative to help people in need get access to devices in their “second life”, laptops and phones are kept in use for longer. This makes a positive social impact and a demonstrable difference to a company’s environmental footprint.
Quadrent works with organisations helping them access assets without sacrificing cash flow and addressing their ESG risk in the process. With a team that has in-depth leasing knowledge and specialised accounting backgrounds, we’ll help you get the most value out of your assets while addressing growing ESG requirements and reporting expectations.
Proactively manage data privacy, cybersecurity and regulatory risks with Quadrent. Click here for more information.