Channel clean-up: dealing with e-waste


Ethically disposing of IT waste is not only becoming a must, but a big business. Billy MacInnes looks into how the channel can get involved.

Disposal or recovery of IT assets has become increasingly important to customers as they refresh technology and retire old machines and technology. It’s also big business, with a report by MarketsandMarkets predicting the global IT asset disposition (ITAD) market will grow from $10.12bn in 2015 to $20.9bn by 2022, at a compound annual growth rate of nearly 10%.

In another report, Transparency Market Research predicts the ITAD market will be worth slightly less at $18.18bn by 2024. But it stresses that ITAD is becoming integral to companies because the changing IT landscape, including the evolution of cognitive computing, cloud computing, big data analytics and the internet of things (IoT), “has created a mammoth problem of mounting e-waste”.

The company notes ITAD is “increasingly being adopted by companies worldwide to manage this waste disposal, minimise the risk of data loss and the subsequent monetary loss. With a range of services such as recycling, recovery, data sanitisation or data destruction, among others, the ITAD market has carved a sizeable niche for itself”. Many vendors have their own asset recovery businesses that offer a number of services, such as disposal, recycling, resale, buyback and data destruction. Vendors such as IBM and Dell will manage the disposal of assets in accordance with all applicable regulations and dismantle, recycle and dispose of products with no market value. Those products that retain some value can either be bought back (IBM) or resold (Dell). In either instance, data on the equipment will be erased.

But is there a role for the channel in this process? The answer would appear to be “yes”. When Toshiba recently launched an asset recovery programme, it suggested the scheme could provide partners with another opportunity to engage with customers by encouraging them to think about their end-of-life hardware plans. It might also enable them to add extra support for small to medium-sized enterprise (SME) customers concerned about getting rid of devices that could contain sensitive data.

One business that straddles the vendor/partner divide and is in a good position to comment on the IT disposal process is Stone Group. Gary Buxton, group operations director, says the company collects end-of-life IT assets from customers “free of charge” and securely erases data-bearing hardware. It helps users realise any residual value in any kit it takes back and provides a full audit report and certificate of disposals for complete traceability.

Buxton says IT disposal is becoming a significant issue for many customers. “There are endless reasons why disposing of end-of-life IT assets properly is incredibly important to customers,” says Buxton, “not least because compliance with the Data Protection Act is essential to avoid hefty fines of up to £500,000.”

When the Data Protection Act is replaced by the General Data Protection Regulation (GDPR) in May 2018, the rules will become more stringent and the penalties will increase to as much as €20m. As well as higher fines, the GDPR will introduce other changes that companies need to be aware of.

Buxton says while it’s currently good practice to show due diligence when choosing an IT recycling partner, there’s currently no obligation to have a contract in place with your chosen data processor. “But under GDPR, it will be illegal to not have a formal contract or service level agreement (SLA) in place with your chosen partner,” he adds. The GDPR will also make it a criminal offence to choose an IT recycling partner/data processor that doesn’t hold the minimum competencies and accreditations for IT asset disposal. “With these kind of regulations and penalties, we’re finding customers want the reassurance of knowing their IT assets will be disposed of correctly,” says Buxton. “While they can arrange this themselves, it’s one less thing for them to think about if their supplier can handle it for them.”

He says resellers should be aware that offering recycling services can be an attraction to public sector customers. “With more and more pressure on public sector organisations to become sustainable, recycling helps them extract value from any reusable kit and get income to spend on new projects that will help them move forward,” says Buxton. “From this perspective, it makes sense if recycling is part of the deal offered by resellers.”

Data erasure or destruction is highlighted by a number of organisations as of particular importance to customers during the disposal process. “Data erasure at the point of IT disposal is one of the most overlooked aspects of data security,” says Richard Stiennon, chief strategy officer at Blancco Technology Group. “It’s unbelievable how many organisations of all sizes simply allow sensitive information to walk out of the door when retiring old machines and technology.”

The problem is that many organisations “just assume somebody else further up the chain will handle this on their behalf and their processes will be fit for purpose”. But unless they are dealing with certified ITADs, that rarely proves to be the case, says Stiennon. “Channel partners have a major role to play in educating customers and raising awareness of the security risks that aren’t being adequately addressed. They’re the ones that speak directly to users in the midst of a technology refresh and are often tasked with the decommissioning of end-of-life assets,” he adds.

Stiennon urges partners to encourage customers to follow relevant guidelines set by the International Organisation for Standardisation (ISO), such as ISO/IEC 27001, which includes guidelines for secure asset disposal and data erasure, as well as ISO/IEC 27018, a code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

Ann Sellar, secure destruction expert at Crown Records Management, agrees that ensuring the data held on devices is securely destroyed is a major issue. “Taking a hammer to it and releasing your stress is not good enough – even this tactic doesn’t ensure the information cannot be retrieved again,” she warns.

It pays for resellers and their customers to deal with a specialist because wiping and reselling items is also a concern – research has shown half the laptops and PCs sold online still contain sensitive information, she says, pointing out that the only way to guarantee the information has been destroyed is to use a reliable company that collects these items, destroys them securely and provides a certificate of destruction which completes the audit trail.

One way to avoid some of the hassle associated with IT disposal could be through leasing. “Disposing of IT equipment can be a costly and time-consuming hassle for customers,” says Tristan Watkins, UK CEO at BNP Paribas Leasing Solutions. “Companies must legally abide by the WEEE [Waste Electrical and Electronic Equipment] Directive or risk being fined for non-compliance. They have a corporate responsibility to re-use or recycle where possible, or dispose of waste IT equipment ethically.”

Leasing IT equipment can help in this respect. “Typically, at the end of a lease agreement, the equipment is returned to the finance provider which must ensure it is disposed of in a manner that meets regulatory requirements. This is an attractive option to equipment users who are relieved of the disposal responsibility,” says Watkins.

As for channel partners, leasing could open up lines of revenue in the form of refresh and resell to a different customer while upgrading the existing customer to another solution.