Balance financial, risk aspects during electronic equipment disposal

IT asset management expert Barb Rembiesa discusses the data security risk -- and potential business benefits -- of electronic equipment disposal.

The disposal of electronics, including company IT equipment, has become a big business. A 2011 International Data Corp. report titled "Inside the U.S. Electronic Recycling Industry" found that 59% of IT asset disposition (ITAD) vendors had been in the e-scrap business for ten years or less. It's time for organizations to re-examine disposal choices and look for options that boost the bottom line or at least assist with paying for compliant disposal of electronic devices. But when seeking the benefits of these disposal choices, it's also vital to remember the risk management implications.

Begin delving into electronic equipment disposal by understanding the devices' Fair Market Value (FMV). IT equipment considered obsolete for one organization may still have value in the public market for consumers, smaller businesses and perhaps even large organizations. The emergence of mobility in the workplace has also led to a market for recertified or refurbished devices and has created a continual stream of mobile devices to be disposed. Value preservation, however, fluctuates due to age, use, condition and popularity of the device.

Every device contains at least some data and software risks, but actually who used it is important to consider during electronic equipment disposal.

Because of these factors, IT asset disposal is more than finding a way to turn electronics into waste. We will discuss the risk management and security concerns in a moment, but here are some pathways that your organization might leverage:

Resale/internal selling: During a technological refresh or other end-of-electronic life event, "old" equipment is thrown out and replaced. Employees may be interested in acquiring that older equipment for their own use. The resale of older devices with high computing capability (such as laptop computers) or those that are still novelties are possible income generators for the organization.

Equipment auctions: This approach is a riskier option, but could provide major revenue. Essentially, old devices are put up for auction online and people compete to purchase. The FMV might not be reached during the auction, though, reducing the organization's ROI on the device. However, with the risk comes potential reward, as some items sell well above their FMV. Careful planning and research can maximize the auction option.

Charitable contributions: Contributing equipment to charity is more of a soft-dollar savings than a hard-dollar revenue generator. It does, however, provide a tax write-off, community goodwill and positive PR for the organization.

Component cannibalization: Taking a device and breaking it into its individual parts and then selling these parts can also be beneficial. High-value metals are often trapped in low-value parts (think very old motherboards), providing a higher return at a scrap yard than the device would receive at auction. Also, some IT parts can be pulled and reused, saving future acquisition and disposal costs. Recycling specific elements may also cost money or deliver value, depending on the market for that element.

More on electronic equipment disposal

Find peace of mind with ITAD services for secure data removal

Proper data disposal necessary before server donation

Vendor trade-in: Some vendors provide credit toward future acquisitions or help offset the device disposal costs. This approach can be hassle-free, but it generates less revenue for the organization since the vendor receives some compensation for its efforts. This strategy can be equated to trading in a car to a dealer for a new one, versus selling the old car yourself.

Selling to an electronic equipment disposal vendor: ITAD vendors often buy equipment from organizations to refurbish and resell or to strip the device for materials. For the selling organization, this approach provides steady and predictable revenue or credit for an organization, but at a lower rate than if handled directly.

Cost vs. risk assessments

Any of the above strategies have the potential to defray the costs of electronic equipment disposal, and perhaps earn profit for the organization. But two criteria must be analyzed: the administrative costs of the program and its security risks. Risk assessment is an integral part of the disposal program, right alongside the program's costs (or profits).

Cost assessments determine if device ROI is maximized, while the risk assessment examines the data security factor. Risk assessment should include analyzing who owned the asset and how sensitive the data contained on the device is for the organization.

Every device contains at least some data and software risks, but actually who used it is important to consider during disposal. Consider the employee's role within the organization and the sensitivity of the data he or she accessed.

The risk assessment should next examine the data itself regarding its sensitivity and risk impact. The more extensive the data security requirements were for the device, the more likely costs will be incurred during disposal. Since the idea is to maximize ROI, it is an important step in the risk assessment process to identify just how important and sensitive the data is on the device.

In addition to data breach and software loss minimization, the risk assessment also needs to examine the possibility of disposal-related compliance violations. Governments and regulators are increasingly focused on toxic waste stemming from electronic devices, so consequences from improper disposal are likely to rise.

Toxic waste cleanup costs and fines can take any money generated during the electronic equipment disposal process and throw it out the window. There is money to be made in the electronic equipment disposal process, but remember to follow the proper steps and safeguards in these green regulatory compliance mandates.

About the author:
Barb Rembiesa is founder and CEO of the International Association of IT Asset Managers Inc. (IAITAM). Rembiesa brings more than 20 years of leadership to the organization. She is the driving force and conceptual architect of the only global IT asset management-focused organization. For nearly a decade, Barb has groomed IAITAM into a worldwide association focused on education, with individual and enterprise members in over 50 countries. IAITAM's asset-management certification courses have become the industry standard and are endorsed and required by organizations striving to maximize IT spending, reduce risk and create more efficient budgets.

Let us know what you think about the story; email Ben Cole, associate editor. For more regulatory compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

Dig Deeper on Vulnerability assessment for compliance