Presentation on theme: "Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per."— Presentation transcript:
Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per compromised record –$5.5 million per incident Damaged trust and reputation Increased legislation to address: –Health Insurance Portability and Accountability Act (HIPPA) –Fair and Accurate Credit Transaction Act (FACTA) –Identity Theft and Assumption Deterrence Act (ITADA) –Gramm-Leach-Bliley Act (GLBA) More than 46 States have passed legislation requiring owners of personal information databases to notify affected individuals of a data security breach
Where Data Lurks Data breaches made public were due to hackers Items for recycling fall outside of established security protocols –Data not only on computers Copiers, printers, and scanners –Employee owned devices (BYOD) What is the disposition plan for those devices? Affinity Health Plan, a New York based not-for-profit managed care plan learned the hard way –Information left on HDD of a previously leased copier
Electronics Recycling Industry Electronics recycling is a fairly young industry Companies entering the industry could so with few barriers to entry –Frequently operations are in low-cost spaces with low wages –Equipment can be as rudimentary as hand tools, pallet jack and pick-up or trailer Most recyclers continue to be, “mom and pop” operations with small facilities and fewer than 15 employees Easy to Export – US did not ratify rules set by Basel Action Network (BAN) Data more valuable than commodities
What to Look for - Certifications R2 & e-Stewards: Recycle Responsibly ISO 14001:2004 Environmentally Responsible OHSAS 18001: Safety TAPA: Transported Asset Protection Microsoft Authorized Refurbisher: able to load operating system for refurbished resale.
Transported Asset Protection Association HVTT (High Value Theft Targeted) asset theft poses a major problem for many industries Theft of electronics and almost any other cargo of value is a daily event throughout the world This type of crime leads to potential liability of data breaches and compromised brand integrity While government programs such as C-TPAT focus on keeping dangerous items out of the supply chain, TAPA focuses mainly on the issue of theft
Not All About Certifications - Observe Perform a Site Visit Security –Are there adequate security controls in place? Prevent theft of tablet and HDDs Safety –If the company does not care about the safety of their people will they care about the safety of your data? Environment –If the site is careless about the environment will they be careless about your data? Employees –Background checked? Prison labor? Equipment –Adequately process for secured data destruction?
Found a Recycler, Now What? Protecting data: Three main methods of erasing HD (Magnetic Media)
Clearing Ensure information cannot be retrieved by data, disk, or file recovery utilities Resistant to keystroke recovery attempts from standard input devices Overwriting is one method (software) Replace written data with random data Cannot be used for media that are damaged or not writeable Size and type of media determine if this is possible
Why three passes? Some organizations are not specific on number of passes When specified, normally three Why? –US NIST Special Publication 800-88
Purging Process that protects data from laboratory attack using non- standard means Degaussing – exposing media (hard drive) to strong magnetic field Usually destroys drive as key firmware info on drive is destroyed Ideal for large capacity drives Eliminates Boot Sector
Destruction Ultimate form of sanitization Variety of methods but shredding is typical method of destruction Shred sizes may vary depending on customers requirements
Hard Drives (non SSD) Clear Overwrite media by validated overwriting software Purge Use approved degausser on entire HD unit or disassemble HD and purge platters Shred Commodity separation Material sent to proper metal smelter
Cellphones/Tablets/Flash Drives Clear Delete all memory (internal and external) Perform manufacturer reset Use of external software Purge Same as clear Shred Remove battery and shred device Device shredded and processed at precious metal smelter
Maximizing the value of the asset while minimizing the carbon footprint impact
How to Minimize Impact Managing carbon footprint with efficient logistics And following the three R’s Reduce – Reuse – Recycle
Drivers of Recycling Costs Mechanical destruction consumes more energy than reusing Reusing electronics can save 5-20 times more energy than recycling (eassetsolutions) 500% Savings
Why Recycle Locally and Not Export Whole? Processing, shredding, and sorting –Increases security – Do you want your data sent to out of country on an un-wiped drive? SRS Other ?
Beyond Data Destruction - Benefits Recycling 1 million laptops saves the energy equivalent to the electricity used by 3,657 US homes in a year (Dosomething) One metric ton of circuit boards can contain 40 to 800 times the amount of gold and 30 to 40 times the amount of copper mined from one metric ton of ore in the US. (EPA) Overall, the processes used to make consumer goods from recycled material instead of raw resources is much more energy and water efficient (ecocycle) Paper 60-70% less energy than Virgin Pulp and 55% less water EPA tool to calculate energy savings from recycling: http://ecocycle.org/ecofacts http://ecocycle.org/ecofacts
Certificate of Sustainability Provides customers with a view of four energy equivalency savings due to electronic waste recycling Gallons of Gasoline Saved Barrels of Oil Saved Trees Planted Gallons of Water Saved Calculations sourced from v3 of the Electronics Environmental Benefits Calculator from U.S. EPA