The expert view: sustainability in IT and data security

In a second session on tackling the problem of e-waste by making replacing IT equipment more sustainable, delegates suggested that the need for security still trumps environmental pressures.

 

We have a growing problem with e-waste – the discarded electronic and electrical devices of all kinds that end up in landfill or are disassembled for parts. And, as Phil Vaughan, Director of Sales UK for Blancco, explained in his introduction to a second Teiss Virtual Roundtable on the subject, the problem is getting worse.

 

He told attendees that a recent survey from Blancco found that only 40 per cent of companies had an e-waste policy at all. Most companies are aware that a device has to be properly erased when it reaches the end of its life but many are still putting the device through a shredder, rather than pass it on to another user and risk a data leak.

 

As companies extend their corporate social responsibility (CSR) schemes to cover more aspects of their business, however, the pressure to be more sustainable is likely to grow.

 

E-waste grows and grows

 

Delegates at the briefing were very aware of the growing scale of the problem. One pointed out that having only just brought in new computers for Windows 10, his company had then needed to buy hundreds of laptops as the COVID-19 pandemic forced staff to work from home. “We are going to have a destruction problem in a few years’ time,” he admitted. Another attendee suggested that companies should be making efforts to use IT equipment for longer – though this just delays the problem.

 

For many attendees, shredding devices remained their preferred approach. But this destroys the device entirely, which is the worst solution from an environmental point of view, even if some components and metals can be recycled afterwards.

 

Others in the group said they contract the work to a third party, who wipe the device and then either recycle it or destroy it. They provide certification of this process and though most companies that do this are reliable, some make mistakes. One attendee said she was contacted by someone who had found her organisation’s data on a secondhand machine. Rather than doing a good deed, the caller demanded payment for the hard drive or claimed they would leak it to the media.

 

Such instances are fortunately rare, but it is more common to simply not know what happens to decommissioned devices. Growing reliance on the cloud, for example, has become a staple for many businesses but, as attendees admitted, it can be hard to find out what cloud providers do with decommissioned equipment. “They have CSR policies in place, but they won’t give you much detail on what they actually mean,” said one attendee.

 

Taking responsibility for recycling

 

The only real way to get complete visibility of the process is to take control of it yourself. Some organisations do this. Blancco works with one UK police force that sanitises the devices and then sells them to staff for a reduced price. This allows them to control the security process, extends the life of the devices and provides a bonus for staff. Another attendee, from a university, said that when data centre servers are no longer suitable for frontline tasks, they are usually moved to research labs, where they can still be useful.

 

Not every organisation can do that, however. “It’s a question of time and cost,” one delegate said. With so many other pressures on the IT department, it’s easier to destroy the device or hand it to a third party. That’s because the risk of a breach is too great. The threat of fines under GDPR, reputational damage and the potential knock-on effect on shareholder or stakeholder confidence is just too great. As one attendee put it: “You don’t want to be the one who gets called to the chief executive’s office to explain why a device wasn’t wiped.”

 

In contrast, the pressure to dispose of devices sustainably hasn’t caught up. As one attendee explains, that’s because society as a whole is still happy to upgrade to the newest phone every couple of years. The problem of e-waste is yet to reach mainstream awareness. That said, everyone at the briefing was aware that change is on the horizon. One or two said they were thinking more about their e-waste footprint simply as a result of the briefing.

 

For most attendees, it is still early days for their CSR plans. Companies are focusing on reducing their carbon footprint by cutting things such as vehicle emissions or corporate travel. Attention hasn’t really turned to the IT department, attendees admitted. What everyone seemed to realise, however, is that, if e-waste isn’t on the agenda yet, it soon will be. Organisations that haven’t begun to address this challenge should start as soon as possible.