Demand First Class Security When Selecting an Electronics Recovery Company

Demand First Class Security When Selecting an Electronics Recovery Company

By Amanda Hale

In recent years, there has been a steady increase of concern surrounding the handling and disposal of data. Every business is in possession of sensitive data, whether it be in the form of personnel files, financial records, R&D, or customer data. The proper handling and destruction of any sensitive or confidential information is not only good business practice, but a legal concern as well. Regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Fair and Accurate Credit Transactions Act (FACTA) and The Graham-Leach Bliley Act demand that private and identifying information be protected from unauthorized access during its collection, storage and disposal, with fines of up to $10,000 and 20 years imprisonment resulting from any breach of protection.

It is typical business practice for those institutions covered by these acts to have documented processes in place for the protection of covered information during the collection and storage phases of use, but disposal options have historically been limited to disposal of paper documents via incineration and document shredding. What should an organization do with data that is stored on computers, servers, back-up tapes, and other electronic media?

The answer to this question is to contract with a reputable electronics recycler that offers a security system that can protect all of your sensitive data from the time it is received until the time it is destroyed.

In choosing an electronics recycler, most current consideration is centered on the methods used for data erasure and the shredding capabilities of the recycler. While choosing to work with a recycler that excels in these areas is absolutely essential for the proper destruction of sensitive data, one aspect of data security that is frequently overlooked is facility security. What is being done to protect your electronic equipment before the hard drive is overwritten or the unit is shredded? If your current recycler doesn't possess shredding capabilities, what is happening with the hard drives and other data storage devices?

Even the best destruction processes are rendered useless if your equipment never reaches them. It is for this reason that security prior to erasure and shredding processes is of utmost importance. The keys to facility security are: Controlling human traffic into and throughout the facility, secure storage of sensitive material prior to processing, and monitoring employee and equipment movement.

Human traffic into and throughout the secure areas of a recycling facility should be rigidly controlled through the combined use of access-control proximity readers and photo identification badges. Such a system allows a recycler to control who enters specific work areas and the times they are allowed entry, providing very specialized and specific access control to every section of a building. Reports can then be generated to view which employee(s) were present in a specific area, at a specific time on a specific day, or who may have attempted to access an unauthorized area.

An important facet of building security is the distinction between secure and un-secure portions of a facility. What items are employees allowed to take into the secure work area? Personal items such as jackets, lunch bags, and purses can provide a convenient method of hiding small but valuable components, such as PDAs and hard drives.

When exiting any secure area, employees and visitors should be required to pass through metal detectors, which are monitored by an outside security company. Such devices can detect even the smallest circuit chips and prevent unauthorized outward flow of material.

Security cameras should be placed throughout production areas, and should also be located at all loading docks and exits. All cameras should be routed to a central video server that digitally records all activity, and are also monitored remotely through specialized computer setups at manned guard posts located throughout the facility.

Restricting access to data storage devices greatly reduces the risk of confidential information being exposed to unauthorized personnel. Once you know that your electronic equipment and data storage devices have been properly secured, material processing can proceed with the confidence that all equipment will be processed.

Do not rely on data erasure to protect your information, demand that a data overwriting procedure be utilized to replace each block in every sector of your hard drives. When hard drive overwriting fails, the only remaining secure option is total destruction. Many companies rely on drilling a hole in the hard drives for data destruction; while this will prevent the drive from being run in a machine it leaves the majority of the platter accessible for data recovery. The best option is to mechanically shred these hard drives, and other electronics, to a particle size of 23 mm and below, so you can be certain that none of your data will be recovered.

Data erasure and destruction processes mean nothing if equipment leaves the recycling facility before it is sanitized. Furthermore, even after equipment has been sanitized, it must be protected. An unauthorized loss of material is not just a potential information leak, but also a loss of revenue that should be paid to the customer. It is therefore extremely important that recyclers protect all equipment in their care.


Amanda Hale is the Vice President of Regulatory Strategies for United Recycling Industries, Inc.® (URI®), an electronics recycling company based in West Chicago, IL. Servicing all of North America, URI brings 50 years of experience to their recycling and precious metal refining services. Please visit their website at www.unitedrecycling.com or contact Amanda Hale at 630-231-6060.