Sustainability and Data Security

As we reach for goals, both personal and professional, it's important to remember the key values that define us along the way such as empathy, integrity, and sustainability. Sustainability can be both in terms of your dedication towards completing a project as well as sustainability in the ecological sense of the word.  When you buy a new laptop or smart phone do you ever think about sustainability? What is going to happen to that expensive device when you get your next one? What happens to the one you just traded in? That disposal mindset comes with hidden factors at play, because when you're getting rid of old technology you have to be wary of the data it may contain.

When my co-authors Russ Ernst and Fredrik Forslund and I set out to write the first book on data sanitization over a year ago we were focused on the privacy and security aspects of erasure. But there is another benefit of a well managed data sanitization program: its impact of ESG (Environmental and Social Governance) and sustainability.

There is no question that the best security for data is to effectively and permanently erase it. Of the long list of things CISOs have to worry about, data that has been completely erased is not one of them. Data breaches, ransomware, cyber espionage, ediscovery litigation, do not arise against data that is gone forever. 

Privacy regulations, most notably GDPR, specifically call out the Right to Erasure. Any data subject in the EU can demand that a Google or Facebook permanently destroy all the records they keep on them. Accomplishing that is tricky. Sure you can close down an account, but can you go into every database and tape backup and truly overwrite all the data?

The IT Asset Disposition (ITAD) industry formed when it dawned on many people that old computers and electronic equipment were literally a goldmine. Gold, silver, copper and rare earth minerals could be extracted from printed circuit boards and components. But burning computers to create that flow of gold is definitely not a good thing for the environment. Besides, manufacturers found ways to lower their costs by eliminating those valuable metals. New government requirements were imposed and the EPA got involved.

ITADs turned to refurbishing old gear, particularly smart phones, and selling them in the secondary market.

Enterprises have a regular refresh cycle for their desktops and laptops. Rather then sell the old computers to employees or the public they contract with an ITAD to collect them. Sometimes they pay a fee, sometimes they get a share of the revenue generated from reselling the cleaned up computers.

This is where data sanitization plays an important role. A properly managed data lifecycle program will include the disposition of old computers and the data stored on their hard drives or SSDs. Often they erase all the data before letting the devices leave. More often, they contract with an ITAD to pick up the devices and provide attestation that all the data was erased before the devices were either refurbished or disassembled into its component parts.

As companies like Apple announce their plans for reducing their carbon footprint data sanitization is demonstrating a new benefit. Re-used devices save a lot of energy and petrochemicals. They reduce the burden on landfills as well as emissions into the atmosphere and water supply.

In addition to its security and privacy benefits data sanitization is beginning to play an important role in global sustainability. You can do your part by trading your phone in or giving or selling your laptop to an ITAD that will ensure all your data is erased before they repair it and sell it to the next owner.