CSR & Data Erasure: A Greener Future for IT Asset Disposal

Corporate Social Responsibility and IT Asset Disposal

The World Economic Forum predicts the amount of e-waste will more than double by 2050 to 120 million metric tons annually. Organizations that put in place environmentally friendly IT disposal practices now can greatly affect whether e-waste helps or harms the environment—and whether or not they will reap the business benefits.

Fredrik Forslund As Vice President of Cloud and Data Center Erasure, Fredrik brings over 15 years of experience in IT security and previously founded SafeIT, a security software company focusing on encryption and selective data erasure. With a keen eye for streamlining corporate IT security efficiencies and maintaining compliance with data privacy legislation, he is regarded as a thought leader among customers and partners.

In 2019, the United Nation’s Climate Action Summit, fires in the Amazon rainforest, and dramatic, cross-continental protests by the activist group Extinction Rebellion heightened global concern about climate change. Against this backdrop, socially conscious consumers and other stakeholders are paying more attention to the way technology-dependent organizations address their stewardship of natural resources—both in their corporate social responsibility policies (CSR), and in practice.

For example, the London Stock Exchange now recognizes companies with sustainable business models. Its “Green Economy Mark” accreditation informs investors who are increasingly interested in backing companies producing environmentally beneficial products and services.

Many companies adopt CSR policies (or environmental, social and governance (ESG) criteria) to guide eco-friendly practices and demonstrate awareness of the social, environmental and economic impact of their operations. Despite this, many businesses have room for improvement when it comes to environmental sustainability, including how they treat their used PCs, servers, laptops and other enterprise data storage devices.

The E-waste Graveyard: Harm to People and the Environment

Approximately 350,000 metric tons (tonnes) of e-waste leaves Europe illegally each year. This waste finds itself in some of the world’s poorest areas. An investigative report by media company France 24 revealed the shocking results in Ghana: Adults and children alike risk physical harm and toxic fumes for hours in waste yards. Daily, they break down or burn old computers, electronic devices, components and wires to salvage and sell the metal that remains. They do all this while levels of contamination from dangerous metals can be 100 times higher than recognized safety thresholds.

On the other side of the pond, the United States is one of the world’s largest producers of e-waste. The United Nations estimates that more than three-quarters of that is incinerated or ends up in landfills, with less than 25 percent of the country’s old electronics being recycled.

Physical Destruction of IT Assets: More Harm than Good

If organizations are to resolve these growing environmental issues, then they must implement and communicate CSR policies across the business, specifically addressing responsible e-waste disposal. This includes determining how IT hardware, from the largest servers to the smallest flash drives, is processed when it reaches the end of its lifecycle.

Many organizations dispose of decommissioned hardware by shredding or crushing the equipment to ensure stored data is irretrievable. They do this (in part) to comply with data protection mandates such as the European Union’s General Data Protection Regulation (GDPR). But the ongoing use of these methods is also due to a lack of education on alternatives, unawareness of the security risks involved with relying solely on physical destruction, as well as lack of understanding about the environmental impact of physical destruction.

In our research report, Poor Sustainability Practices: Enterprises are Overlooking the E-waste Problem, exploring organizations’ approach to data sanitization, we found that surveyed enterprises collectively destroy hundreds of thousands of data storage items per year. Additionally, over a third of organizations physically destroy nonfunctional or end-of-life equipment because they believe it is “better for the environment.”

The reality is that end-of-life drives and computers can often have their life extended if sanitized properly. Non-functional equipment can provide opportunities to responsibly harvest rare earth elements, precious metals and other natural resources for use in other electronics—an intensifying need as society’s appetite for newer, flashier devices ceases to be satisfied.

By changing their approach to IT disposal, organizations can not only benefit the environment, but they can unlock the immense business value of e-waste.

The Circular Economy: An E-waste Opportunity

Our study also found that, similar to the UN findings for the United States, only a quarter of end-of-life equipment is being recycled. This is astounding when you consider that the material value alone of yearly e-waste amounts to $62.5 billion. In fact, there is more gold in a metric ton of mobile phones then there is in a metric ton of gold ore, say the World Economic Forum (WEF) and the UN E-waste Coalition. The process of mining these precious metals, which continue to grow in scarcity, also causes significant damage to the environment.

But there is also a vast opportunity to harness materials through daily business operations, yet another justification for including IT disposal within corporate social responsibility policies. Erasing and then reallocating devices throughout an organization maximizes value from enterprise IT purchases. Organizations can also enter out-of-use hardware into the circular economy: Older electronics can be erased, refurbished and reused without carrying forward any residual data. They can be sold to earn carbon credits, reused internally, or safely donated to organizations that have less need for the most current or top-of-the-line technologies. In addition, components can be recaptured for use in future electronics. These options reduce the amount of e-waste produced, reduce the rate of natural resources consumption, provide affordable options for second-hand purchasers and create sustainable jobs in the refurbishment of electrical components.

Erasure’s Dual Role: Security and Second-hand Life

Whether considering ongoing use or outright asset disposal, it’s critical to ensure data is “erased”—overwritten completely and verified as such—and not merely “deleted”—which can leave data fragments behind on hidden or defective areas—so that data security and privacy is never compromised.

Complete and verifiable data erasure complies with data protection and privacy regulations and ensures that company data is never exposed to unauthorized users. An increasing number of regulations and the crippling fines that can result from noncompliance might tempt organizations to take the traditional route of shredding and degaussing usable, old equipment. However, poor or misapplied physical destruction processes don’t just produce needless waste—they can also leave data behind. For instance, increased data density means industrial shredders may need to shred SSDs to sizes as small as two millimeters to fully destroy them and render data unrecoverable—but not all shredders do. Further, degaussing works only on magnetically stored data, meaning SSD data is unaffected by this method.

Erasure as Corporate Social Responsibility (CSR) Component: Communication is Critical

There is encouraging news: More than 80 percent of organizations have a CSR policy in place, and 91 percent of those that do include end-of-life equipment disposal within that policy.

However, as we reported in our Data Sanitization: Policy vs Reality research study, there is often no clear owner for policy implementation. While an organization may have documented ideals regarding environmental sustainability, breakdown occurs in execution.

To ensure an organization’s corporate social responsibility policy effectively addresses the issue of e-waste, it’s crucial that environmentally responsible ways of processing hardware at the end-of-life are included. Organizational leaders must make sure that everyone involved in managing data and data devices are informed of the policy requirements (preferably with full buy-in) and that the company philosophy is communicated often as part of the company’s culture and brand identity. Policy makers should also make sure that those processes are specific enough to be executed upon and that responsibilities are clear.

Conclusion: Organizations Play a Critical Role in Reducing E-waste

If nothing is done to tackle the e-waste problem, then the amount of e-waste will more than double by 2050 to 120 million metric tons annually. Ensuring data erasure methods are implemented and communicated across the organization as part of its CSR policy will both improve security and make devices ready to be refurbished and sold in a circular economy. And that, in turn, not only reduces environmental damage, but also makes the organization itself more appealing to shareholders, consumers and like-minded business partners, becoming an intrinsic part of the company image.

Find out how global organizations currently approach end-of-life disposal of data storage devices and where they can lessen their environmental impact.

Download our free research study, Poor Sustainability Practices: Enterprises are Overlooking the E-waste Problem.