Triple Jeopardy And Your Stored PCs

Because of the high initial cost and relatively short useful life (about 5 years) of most personal computers, many companies delay disposal of their old PCs. Yet, the consequence of maintaining a depot of used PCs actually increases the risk to a business in at least three areas: environmental, employee privacy and customer privacy.


“A place for everything, and everything in its place.” The Japanese have taken that phrase and applied it to a manufacturing technique known as the 5 S principles. Of all the opportunities for companies in our industry to apply the 5 S principles, I can think of none more critical than dealing with all of the old computers we have in storage.

Because of the high initial cost and relatively short useful life (about 5 years) of most personal computers, many companies delay disposal of their old PCs. Yet, the consequence of maintaining a depot of used PCs actually increases the risk to a business in at least three areas: environmental, employee privacy and customer privacy.

Environmental

Both the federal and state Environmental Protection Agencies (EPA) are moving toward re-classifying all computer equipment as “universal waste”—that is, a hazardous waste that exists in both the private and commercial sectors in the same form. Batteries, fluorescent lights and pesticides are three other examples of universal wastes.

More than 26 states have adopted, or are in the process of adopting, regulations for the disposal of consumer electronics. Under federal EPA classification, cathode ray tubes (CRTs) from computer monitors and televisions are considered hazardous waste unless they are sent out for reuse, either by sale or donation.

Businesses or other organizations are not regulated under most federal requirements if the facility discards less than 220 pounds (about seven or eight monitors) of hazardous waste per month. However, this waste must still go to facilities authorized to receive it.

Employee Privacy

Your employees expect you to protect their personal information. That includes payroll, health insurance and other identity data. Every night, the evening news seems to have another story about identity theft.

All of those obsolete hard disk drives sitting in your used computer depot are potential gold mines of employee data. Do you have secure control of your employee data, including possibly forgotten files on the PCs no longer being used? Do you have a procedure for sanitizing hard drives before the computers are taken to your company’s computer graveyard?

Customer Privacy

Your customers expect you to keep their commercial information both private and secure. This can include engineering and test data, as well as pricing. It also includes more traditional commercial information such as sales, scheduling and shipment data. Failure to control customer data can have serious consequences to your customers’ competitiveness, as well as to your own business.

How much customer information is playing a dangerous game of hide-and-seek on those out of sight/out of mind computers that you haven’t disposed of yet? Do you know what is on those hard drives and where they are?

Action Plan

You can intelligently manage the risk of your outdated computers by using the following action plan:

  • Environmental—Find a new home for any usable surplus CRTs. Donate them to a local charity or recycler. Do it now.
  • Employee/customer privacy—Get an inventory of the obsolete computers in your facility. Obtain secure physical control and assign someone to learn the contents of all hard drives. Determine if an in-house solution for scrubbing the data will suffice or if a third-party data destruction service would be more effective.
  • 5 S principles—Eliminate the waste of these old computers. Storage is not cheap, and computers make sentimental keepsakes only at great risk to your business.
  • Continuous improvement—Develop and implement a comprehensive information security program for your company that doesn’t allow for loaded hard drives and their contained data to become a risk to your business and the privacy concerns of your employees and customers.
  • The first 5 S program I would undertake at any shop would start with all of the old, obsolete computers.

For further information on this subject, visit the following Web sites:
www.uwex.edu/ces/shwec/uwgb/recycling_used_computers_factsheet.htm
www.epa.gov/reg5rcra/wptdiv/solidwaste/electronics.htm