The days of tossing out corporate electronic waste like common trash are pretty much over. Environmental concerns and data security regulations are driving more companies to develop rigorous disposal policies. Yet there's more to the proper interment of IT equipment than many executives realize, and many companies still fail to handle their electronic waste wisely. Even those who think they're doing the right thing could find their technology trash coming back to haunt them in unexpected ways.
Progress has been made on many fronts. UBS, for example, has had a defined process for getting rid of its electronic waste since the early '90s. The Zurich-based financial services company names specific employees to work with approved e-waste processors, says Urs Peter Steiger, risk management lead associate. UBS also tracks its waste, so it knows exactly what has been refurbished for the secondary market and what has been stripped down and recycled.
"There is a greater awareness among companies of their responsibilities, and there's a greater understanding of what the implications are," says Frances O'Brien, an analyst at Gartner.
Well, yes and no. Gartner surveyed executives at more than 200 companies last September and found that 71 percent had a formal policy for IT asset disposition. But every policy isn't necessarily a good policy.
For example, 19 percent said they donate their unwanted PCs to schools or nonprofit organizations. Good intention; bad policy, says O'Brien. Your company could be responsible if the nonprofit improperly disposes of the donated equipment or inadvertently releases sensitive data still residing on the equipment.
Costly and dangerous
Of those surveyed, 17 percent said their policy is to store old PCs. "There is still a lot stored in closets -- industries' closets as well as private consumer closets," says Barbara Rembiesa, president of the U.S.-based International Association of Information Technology Asset Managers.
That's not only a costly use of space; it's dangerous, says O'Brien. Companies often "cannibalize" the stored pieces, allowing components that might contain sensitive data to go missing, she explains.
While companies struggle to get e-trash disposal right, the problem is growing. There are 500 million obsolete computers in the U.S., and even today, only 10 percent of unwanted and obsolete computers are recycled, according to the Silicon Valley Toxics Coalition, an advocacy group.
Moreover, many companies don't realize how much material actually falls under the heading of "electronic waste," according to O'Brien. "A lot of the focus has been on PCs, but the issues become much more difficult when you start looking at flash memory cards and key-chain memory drives. There's fairly limited control on those things," she explains.
Other items that need special attention include cell phones and handheld devices, as well as routers and even copiers, which today have memory that can contain sensitive information.
"Some of the smaller companies aren't even aware of the issues, or they don't have the skill sets to dispose of [e-waste] properly," O'Brien says.
Many midsize companies find themselves in that situation. Larger companies usually understand the issues but have a harder time tracking their trash because of the sheer volume of assets.
"Companies that want to protect themselves in this area know they have to have a good asset management strategy," says Jim O'Grady, who, as director of the Americas at HP Financial Services' Technology Value Solutions unit, manages HP's Technology Renewal Center in Andover, Mass.