Kick ACE Blog
Hi! I'm Bob McCarthy
I write things
December 14, 2020
The Word "E-Waste" – Overused & Inaccurate
I have been in the ITAD industry for over 20 years, and my single biggest pet peeve is the use of the word “e-waste” to describe decommissioned IT hardware and other unneeded or unwanted electronics. Unfortunately, the term has become so synonymous within the electronics recycling industry, that several companies even place the word in their name.
And it is wrong.
Waste is defined as “material that is not wanted; the unusable remains or byproducts of something.” The last time I checked, that is NOT an accurate description of electronics. Can someone explain to me why this term is still so common?
Electronics simply is not “ewaste”. Whether they are whole units or parted out, many electronics can be refurbished and reused. Reuse is the best form of recycling and is by far the best way to extend a product’s lifespan. Electronics are so easily and often replaced that always buying new, and discarding the old, is not a sustainable practice and certainly not in the best interest of our planet or economy.
Nearly all the materials that make up end-of-life electronics can be recycled safely. Commodities that can be recovered from electronics include gold, silver, copper, lithium, palladium, aluminum, steel, mercury, and plastic, just to name a few.
There is enough demand for both refurbished electronics and recycled commodities to make a sound economic case for the value of so-called e-waste. Using recycled materials reduces the production cost of new goods, lowers C02 emissions and puts less strain on the planet’s natural resources, compared to sourcing virgin material.
It’s simple: Electronics that are being reused on the secondary market or properly recycled for their commodities are not going to waste! The only true “e-waste” are the electronics that are still ending up landfills or e-waste “graveyards” around the world because of irresponsible and often illegal handling of those electronics. No one benefits from the space they take up or the pollution they cause when they are left to decompose – a process that can take thousands of years.
Refurbishing, reusing, and recovering precious commodities are the opposite of wasteful. Any recycling company that treats old hardware as simply “waste” or call it “ewaste” should raise flags for anyone looking to retire their assets.
Your image and brand are too valuable to risk.
October 12, 2020
5 Tips for Verifying Secure Destruction
I am often asked, "How can a company verify with confidence that their product sent for secure destruction was actually destroyed?"
In lieu of Apple's lawsuit announcement against a third party vendor for selling product that was supposed to be destroyed, I thought it would be necessary to delve into this incredibly important topic. (See article below for full story)
So, why would a business demand secure destruction of their product? The most common reason is that said company is extremely concerned with data security and has decided to destroy their data-containing devices to eliminate their risk. Obsolete R&D and proprietary devices are some other categories that could pose a threat to an organization if not properly destroyed. On the other hand, there are also types of risk more closely related to sales. A company may have excess inventories of new product that they would rather destroy and recycle than have them resold on the open market. This way, they won't be competing against their own products in the marketplace. Lastly, we have seen unsafe products make their way back into the market after the manufacturer contracted with a vendor intending to have them destroyed, ultimately putting the public at risk.
Unfortunately, companies are often misled by their downstream vendors only to find their products deemed for destruction, not destroyed. Shocker, right?! Over the course of my 20 years in the industry, I have seen time and time again, companies getting screwed.
So what steps can a company take to ensure proper destruction?
Use only a vendor that will not subcontract out the destruction services, and they themselves are a certified facility (R2, NAID, eStewards, ISO9001, etc.). Facility certifications require detailed written processes, documentation to verify that those processes are followed, and are required to maintain all records.
Require a signed certificate of destruction detailing the serial numbers of the devices destroyed.
Request pre and post-destruction photos or video footage of the product being destroyed.
Have the vendor verify a mass balance by measuring the weight of product going into the shredder versus the weight of the commodities coming out (plastic, steel, circuit boards, aluminum, etc.).
Witness the destruction first-hand, or send an independent third-party witness to observe and document destruction.
September 18, 2020
Data Security & HIPAA
As healthcare networks across the country have allowed employees to work from home, it is essential to remember this equipment needs to be handled appropriately as people come back to work. We at ACE understand the risks and returns this equipment can provide to an entity.
45 CFR 164.310(d)(2)(i) and (ii) covers the disposal of electronic equipment, which requires policies and procedures to be developed and implemented to address the final disposition of ePHI (Electronic Protected Health Information), and the media on which it is stored. ePHI must be removed from electronic devices before they are re-used, scrapped, or recycled.
Prior to disposing of electronic media, all ePHI on the devices must be rendered unreadable, indecipherable, and incapable of being reconstructed. OCR suggests clearing (using software or hardware products to overwrite media with non-sensitive data) or purging (physical destruction) the information from the electronic media.
If a covered entity is unable to perform these actions, a vendor can be used. That vendor would naturally be a business associate, and a HIPAA-compliant business associate agreement would need to be signed by both parties before any devices are handed over.
The failure to remove ePHI prior to disposal is a violation of HIPAA Rules, and one that could potentially result in an impermissible disclosure of protected health information. It could also lead to a financial penalty for noncompliance with HIPAA Rules.