Imagine you’ve been entrusted with someone’s personal information, such as a passport or credit card. Naturally, you’d take this very seriously, and make sure that no one but yourself touched the documents. Unfortunately, you won’t always have that kind of control when handling sensitive personal information—such as when disposing of your company’s outdated, broken, or otherwise unwanted electronic equipment.
“The average cost damages resulting from data breaches in the United States are up by $600,000 and now reach $6.5 million. That means that each stolen or lost record that holds confidential data increased from $201 to $217.”
That’s not small change—and it makes sense to be worried about a data breach happening to you.
If you’re in possession of client’s or customer’s personal data—particularly if you’re in the healthcare or finance industries—then you need to know who is in charge of that data at all times during the disposal and recycling process. That’s not just common sense—secure data disposal is subject to a number of laws. That’s why you need a secure chain of custody.
Recycling or re-purposing your old equipment is important for adhering to ever-changing legislation, and for keeping your company’s reputation safe. That’s where a responsible IT asset disposition company comes in—they handle everything from transport to data destruction and recycling. But how can you be sure your vulnerable data is in safe hands?
Over the next few weeks, we’re going to discuss what chain of custody and reverse logistics are, and why they are important to keeping data safe.
When you entrust your data to a third party, you want assurance that the equipment is handled properly. You’ll want a well documented chain of custody. In short, the chain of custody refers to the “paper trail” of documentation that clearly spells out the custody, control, transfer, analysis, and disposition of assets. Chain of custody is important not only to your peace of mind, but in legal contexts as well.
How Does Chain of Custody Work?
Whenever a step is taken in the IT asset recovery and disposition process, it is noted in great detail for later reference. This includes information on whether the transfer involves transfer of liability, as trustworthy companies often take on this burden as well as the equipment itself. Depending on your equipment, various levels of security may be appropriate.
When is Data Most Vulnerable?
Transport is the most vulnerable stage for data, and the drive to the recycling facility should be conducted in a manner that minimizes these risks as much as possible.
There are several levels of transport security, and it depends on the nature of the equipment as to which level is necessary to protect the data in question. Some levels may include:
- Basic—Equipment is tightly packed to restrict access as it is driven to the recycling facility.
- Straight Run—Equipment is tightly packed, then driven straight to the facility, with no stops along the way.
- Sealed—A straight run method is used, with the added peace of mind of a numbered seal that may or may not include GPS tracking. If the seal has been broken or tampered with, the insurance company is notified, and steps will be taken to secure the equipment.
- Armored Transport—An armored vehicle is used, along with the highest standards for security during transport. Companies like Loomis, Brooks, or Wells Fargo are used for these runs.
An IT asset disposition company often works in different locales, and cannot provide all transport by themselves. In this case, a trusted third party company is used to get the equipment from point A and point B. These companies are included in the chain of custody and have been screened carefully for security.
Some companies use bonded drivers, backed by a 1 million dollar posted bond. These drivers must have a clean criminal background and a clean driving record.
What Happens Once Equipment Has Been Dropped Off?
A good IT asset disposition company will continue tracking the items throughout the data destruction and recycling phases of the process, either with product serial numbers or proprietary numbering systems. This ensures that no piece of equipment is allowed to stray or otherwise be tampered with.
What Verification is Available Afterward?
A data elimination report is provided once the devices have been wiped. Clients also receive data destruction and compliant disposal certificates that are valid for use in auditing and reporting.
Because data security is so crucial to the recycling process, certifications require high standards in handling sensitive information. Look for recyclers who are R2 or eStewards certified and meet OHSAS guidelines to help ensure your data’s security and to give you peace of mind.
Why Trust an IT Asset Disposition Provider?
In the end, most companies can’t dispose of the sensitive data on equipment by themselves. They need the help of a certified provider to help give peace of mind and protect data and your company’s reputation.
If you’re worried about how the data will be protected, just consider this: Would data be any safer if you were transporting it to the recycling facility yourself? Reputable companies take all necessary steps to protect your data and make sure no unauthorized personnel have access to it.
Tweet This! “Would data be any safer if you were transporting it to the recycling facility yourself? Reputable companies take all necessary steps to protect data and make sure no unauthorized personnel have access to it.” Tweet This!
At ICT, we take your data security seriously, which is why, in addition to offering multiple transport options and taking over the liability for the items, we also keep meticulous records and a spotless chain of custody.
Ready to get started? Take a look at our services and fill out our forms to learn more. Check back next week to learn about reverse logistics and more about data security. Alternatively, here are 5 tips to choosing the right ITAD partner for your company.
Susannah Bruck is a freelance blogger, editor, and ghostwriter. She has been putting her skills to use for clients since 2010, and enjoys working on formats ranging from blog posts to short stories and plays. You can find her at World Adventures