Everyone worries about the safety of information. The technology industry is robust with firewalls, encryption systems, and network security hardware. Corporations hire chief security officers, facility security officers, install cameras and metal detectors and have their facilities and the employees "cleared."
But often times the security breaks down at a place so simple it is often overlooked: the end of the life cycle for computer and electronic equipment.
After spending countless hours and dollars protecting information while the electronic equipment is in use, old computers are often unplugged, put in a storage room, sent to a warehouse, donated or even given away or sold with the data still intact. The equipment enters a twilight zone where no one is really sure what its status is, what information may be on it, who has had access to it and how it should be dealt with.
The paper shredding industry gained a foothold years ago and most companies now have on-site shredder trucks that make weekly visits to their facility. But one cannot forget that the paper being shredded was generated by the PC that may be sitting in the hallway totally unattended and unsecured.
PCs and laptops are not the only devices where data lies unprotected. Telecom equipment, servers, PDAs, cell phones, fax machines, copiers, scanners, tape drives, back up drives, flash drives, thumb drives, even ribbon from dot matrix printers and typewriters--all these devices are capable of storing and releasing data.
Equipment disposal often is not a high priority within a corporate structure. No one wants to be the responsible party and no one wants to add another line item to their yearly budget. Depending on the company, the person responsible may be the IT manager, the facility manager, property manager, procurement, security officer or any combination of those areas.
It is estimated that the cost of ownership of a PC is three to four times the purchase price of the unit. This includes all of the support for installing, maintaining, securing and licensing the piece of equipment. The end-of-life costs also must be considered.
There are currently no less than four regulations mandating protection of private information. While some of these regulations are geared toward specific businesses or industries, some deal with information that organizations of all shapes and sizes will collect and maintain. In a world of constantly heightened security, government contractors need to be particularly vigilant in the management of their computers and data.
Approximately 70 percent to 80 percent of used electronic equipment is shipped overseas for "recycling." The recipients include Thailand, Nigeria, Indonesia, China, India and Pakistan.
In October 2006 the environmental watchdog organization Basel Action Network (BAN) traveled to Nigeria to investigate how imported e-waste is managed in that country. In addition to an environmental catastrophe, there was clear evidence of U.S. electronics in large quantities being dumped on this poor nation. Equipment was found with asset tags from mortgage companies, hospitals, state and local governments, federal agencies and financial institutions. BAN recovered several dozen hard drives and found data on many of them.
Many U.S. electronics recyclers are actually brokers or exporters, who collect truckloads of electronic equipment, transfer them into shipping containers and send them around the world for a tidy profit. Developing countries are interested in the electronic material primarily for the metal commodities they contain--steel, aluminum, copper and the bits of precious metals found in circuit boards.
But data often goes along for the ride, as well as a myriad of toxic chemicals including lead, mercury, cadmium, and others. Exporters are paid well for collecting container loads of equipment and shipping them to the receiving countries, with little or no environmental or security scrutiny. …