Data Destruction and the Impact on Recycling Bill Vasquez, General Manager West Region

Data Breaches In 2012, over 26M records from 617 data breaches were made public. Average cost per compromised record is $194 Average incident costs $5.5M Damages trust and reputation Increased legislation to address –Health Insurance Portability and Accountability Act (HIPPA) –Fair and Accurate Credit Transaction Act (FACTA) –Identity Theft and Assumption Deterrence Act (ITADA) –Gramm-Leach-Bliley Act (GLBA) More than 46 States, District of Columbia, Guam, Puerto Rico and the Virgin Islands have passed legislation that require owners of personal information databases notify affected individuals of a data security breach

Where Data Lurks 315 of the data breaches made public in 2012 were due to hackers –Results in heavy focus on actively used product Often items for recycle fall outside of established security protocols. Is your office covered? –Data is not just on computers and servers –Copiers, printers, scanners, and fax Machines often come with HDD’s and flash memory Employee owned devices –Do your employees use their own? –Cell phones, tablets, other? –What is the disposition plan for those devices? In 2010 Affinity Health Plan, a New York based not-for-profit managed care plan learned this lesson the hard way –Information left on HDD in a previously leased copier –Other recent breaches: Click hereClick here

How Should I Manage My Data? The End of Life Issue

Electronics Recycling Industry – The Problem Electronics recycling is a fairly young industry Companies entering the industry could so with few barriers to entry –Frequently operations are in low-cost spaces with low wages –Equipment can be as rudimentary as hand tools, pallet jack and pick-up or trailer Few companies initially had shredders or separation equipment By 2002, there were an estimated 1,000 companies in the industry Most recyclers continue to be, “mom and pop” operations with small facilities and fewer than 15 employees As volumes increased, capital was needed to buy and install high-powered shredding and separation systems Easy to Export – US did not ratify rules set by Basel Action Network (BAN)

What to Look for - Types of Certifications ISO 14001:2004 Environmentally Responsible OHSAS 18001: Safe R2 & eStewards: Recycle Responsibly TAPA: Transported Asset Protection Microsoft Authorized Refurbisher: able to load operating system for refurbished resale.

Transported Asset Protection Association HVTT (High Value Theft Targeted) asset theft poses a major problem for many industries Theft of electronics and almost any other cargo of value is a daily event throughout the world This type of crime leads to potential liability of data breaches and compromised brand integrity While government programs such as C-TPAT focus on keeping dangerous items out of the supply chain, TAPA focuses mainly on the issue of theft

Not All About Certifications - Observe Do a Site Visit Security –Are there adequate security controls in place? Theft of a HDD or tablet with data on it is a breach. Safety –If the company does not care about the safety of their people will they care about the safety of your data? Environment –If the site is careless about the environment will they be careless about your data? Employees –Background checked? Prison labor? Equipment –Adequately process for secured data destruction?

Found a Recycler, Now What? Protecting data: Three main methods of erasing HD (Magnetic Media)

Clearing Ensure information cannot be retrieved by data, disk, or file recovery utilities Resistant to keystroke recovery attempts from standard input devices Overwriting is one method (software) Replace written data with random data Cannot be used for media that are damaged or not writeable Size and type of media determine if this is possible

Why three passes? Some organizations are not specific on number of passes When specified, normally three Why? –US NIST Special Publication

Purging Process that protects data from laboratory attack using non- standard means Degaussing – exposing media (hard drive) to strong magnetic field Usually destroys drive as key firmware info on drive is destroyed Ideal for large capacity drives Does not work on optical media or flash drives Eliminates Boot Sector

Destruction Ultimate form of sanitization Variety of methods but shredding is typical method of destruction Shred sizes may vary depending on customers requirements

Hard Drives (non SSD) Clear Overwrite media by validated overwriting software Purge Use approved degausser on entire HD unit or disassemble HD and purge platters Shred Commodity separation Material sent to proper metal smelter

Cellphones/Tablets/Flash Drives Clear Delete all memory (internal and external) Perform manufacturer reset Use of external software Purge Same as clear Shred Remove battery and shred device Device shredded and processed at precious metal smelter

Asset Retirement On average, servers and data storage systems are replaced every three years. Managing these assets at the end of their useful life can be onerous and raise many questions: How do I minimize the carbon footprint of end-of-life assets? How do I protect the data on end-of-life assets? Do the assets still have value? 16

Maximizing the value of the asset while minimizing the carbon footprint impact

How to Minimize Impact Managing carbon footprint with efficient logistics And following the three R’s Reduce – Reuse – Recycle

Drivers of Recycling Costs Mechanical destruction consumes more energy than reusing Reusing electronics can save 5-20 times more energy than recycling (eassetsolutions) 500% Savings

Why Recycle Locally and Not Export Whole? Processing, shredding, and sorting –Increases security – Do you want your data sent to out of country on an un-wiped drive? SRS Other ?

Separation Improves Recycling Impact Increases in transportation and processing have an increased CO 2 impact on the environment

Beyond Data Destruction - Benefits Recycling 1 million laptops saves the energy equivalent to the electricity used by 3,657 US homes in a year (Dosomething) One metric ton of circuit boards can contain 40 to 800 times the amount of gold and 30 to 40 times the amount of copper mined from one metric ton of ore in the US. (EPA) Overall, the processes used to make consumer goods from recycled material instead of raw resources is much more energy and water efficient (ecocycle) Paper 60-70% less energy than Virgin Pulp and 55% less water EPA tool to calculate energy savings from recycling:

Certificate of Sustainability Provides customers with a view of four energy equivalency savings due to electronic waste recycling Gallons of Gasoline Saved Barrels of Oil Saved Trees Planted Gallons of Water Saved Calculations sourced from v3 of the Electronics Environmental Benefits Calculator from U.S. EPA

Q&A Bill Vasquez, General Manager West Region