Data security and e-waste: how does they work together?
Data security and e-waste: how does they work together?
November 13, 2020
CIRECON, an innovator in digital e-waste disposal, offers a market-leading digital platform with a solution to achieve 100% transparency in parallel to 100% data security in electronic waste recycling. Not only that, in addition to disposal in this age of digitalization, you can also avoid waste and preserve valuable raw materials
We are all well aware of the burgeoning e-waste problem around the world and the exponential growth in the quantity of disposed electronics. According to the Global E-waste Monitor 2020 published in July, our mankind-handled growth of e-waste increased by around 9.2 million metric tons (Mt) in the five years between 2014 and 2019. That’s a startling amount and has led to a total figure of 53.6Mt of generated WEEE in 2019. Coupled with the yearly increasing load on our environment, generated e-waste volumes are not sufficiently documented either – only ~20% of the real total are well reported. So what happens to the rest? And how exactly can we do better with regard to this in the future?
The main reason electronic waste has exploded is down to advancing digitalization and shorter product life-cycles in all kinds of consumable devices, but why can’t the problem simply be used as part of the solution? Today’s available technical solutions as well as the willingness of all market participants should mean well-documented handling of all e-waste is possible. We only have to close the data gap within the recycling process and choose the right solutions and partners to manage that end-of-life process.
Only 100% transparency ensures environmentally efficient recycling management and the reliable treatment of secured data protection for disposed units
A company providing and selling products to the market at the same time generates e-waste and should thus know precisely about product waste processes and the ideal route for environmental handling. The consolidation of all product and logistics data of all parties involved in the recycling process – starting with production, repair, re-use and ending with the melting furnace – has to make the complete process transparent. Only 100% transparency ensures environmentally efficient recycling management and the reliable treatment of secured data protection for disposed units. Instead of disposing of e-waste in illegal landfills, selling-off to brokers and other parties, IT units must end up in a certified facility that has the necessary capabilities, skills and certificates to handle and process e-waste.
Responsible parties for the collection of e-waste are named within European legislation. Extended Producer Responsibility (EPR) decrees that manufacturers are responsible for the proper disposal of the electrical and electronic waste that is brought to such facilities and must bear the financial cost of product stewardship entailed by disposing of the electrical and electronic devices that were placed onto the market. Retailers and telecommunications companies bringing units into the market are also obliged to take back electronic waste from end consumers and handle their proper recycling. At the same time, repair facilities authorized by manufacturers need to make sure that end consumer data is safe. Bringing the unit into a repair shop gives rise to the expectation that the units are returned to owners after successful repair, but of course there are units where repair is not economically feasible, the units are replaced, the old unit may be ‘outdated’ and requires disposal, hence becomes e-waste.
The e-waste problem doesn’t only bring with it risks for human health and our environment, it also brings data security challenges for office and personal home equipment. Valuable and classified information can be stored on electronic devices – anything from personal pictures, passwords, medical records, business-relevant information up to credit card numbers or bank account information. For enterprise businesses, the question as to how to ensure disposal accuracy – such as confidential business data such as agreements, specifications and processes, pricing, etc – means it is even more relevant for companies today to have a reliable 100% disposal solution.
Let’s think of the variety of electronic products that may contain data: a server, smartphone, laptop, computer, printer or monitor. We are connected and digitalization makes our life much easier, but we need to be careful with the risks that our digital data brings with it. If you collect all of your stored information and then imagine that this can get into the wrong hands, what impact could this have for you as an end consumer or as a company?
Data security laws define how to take care of personal data on running software and how to delete the data when the user doesn’t want to use the tools anymore. But there is still a lack of awareness about just how hard it is to completely erase data from an electronic device. Just as with a used device, the disposal of old/end-of-life devices needs to be conducted carefully so that this can be declared as ‘e-waste’.
Electronics are one of the most-stolen product types during transport and this applies not only to functional electronic units but also related to e-waste, since there is a lot of value in the product material and maybe some data! For example, 53.6 million tons of e-waste results into a value of about US$57 billion to be gained from the materials within them, such as aluminum, copper and iron.
The problem that occurs during the transport of e-waste is mostly that the data risks of disposed units are underestimated and due to the lower product value, compared to a functional unit, the investment in the logistics processes seems to be limited
The problem that occurs during the transport of e-waste is mostly that the data risks of disposed units are underestimated and due to the lower product value, compared to a functional unit, the investment in the logistics processes seems to be limited. A limitation of investment during logistics means that e-waste is shipped in open containers or collection boxes, which are not protected against theft except the locked door of the truck. It is easy to figure out how to open the truck lock and take units with data on the devices. The units will never be traceable again and no one knows where they could end up.
CIRECON’s unique solution steps within the e-waste supply chain and makes e-waste disposal safer than ever before:
Instead of transporting the units in open collection boxes, CIRECON’s service partners use closed boxes, which are locked during the whole process. Only the sender and recipient know the code of these boxes to avoid the loss of units between two locations. To reinforce the security standards during logistics, the units can be scanned by the sender – each one needs to have an individual barcode. The scans have to be provided to the recipient and the scan process starts at the warehouse of the recipient right after opening the box.
The scanned data has to be mapped to a unique shipment ID to obtain an identifier and track the single units during logistics on the truck and on their way to the next location. All scans have to be documented in a database to keep the overview and to retrieve this important data anytime. For clear identification of a shipment and the truck, which is on the way, loaded with security boxes, transport documents should be mapped to the shipment ID in the a database. A digital platform leads to paperless packing lists and transport documents!
During the receiving process, certified recycling companies are opening-up the locked security boxes and unpacking the units; each barcode of a unit is scanned and flagged as ‘received’. This real-time tracking information on each unit confirms that the units arrived in the recycling facility. For units containing data on and thus a higher risk in case of loss, it is preferred to minimize additional hubs so as to avoid loss of the units between the facilities.
The scan process can bring additional challenges with it, such as poor quality barcode labels for instance. This can lead to bad recognition of barcodes and different results depending on the scanner. As a result, matching what is on the sender list with what is on the recipient list can be difficult. An intelligent scan module can help to improve this process by informing the scanning staff for each scan separately if a scan could be matched or not to correct the barcode manually in the case of no match.
E-waste and data security go hand-in-hand. Devices are taken to experienced recycling firms with trained staff for complete data wiping or data destruction only. A recycling company, which offers data wiping and data destruction services, provides the secure destruction of personal, sensitive, proprietary, or classified information, and issues Certificates of Destruction and Certificates of Data Sanitization upon request. Different concepts for IT equipment with data storage functionalities are available.
Either the units can be fully re-used, refurbished and remarketed or the units are fully disassembled to scrap the material and recycle secondary raw materials out of it.
According to the waste hierarchy, units should be sorted for being re-used before they get scrapped. Those possibilities have to be made aware and clear to the sender during concept creation. Re-use is the best way to care for earths’ resources. In case of choosing a re-use option, the recycling partner erases all data from the units before re-using them.
If a re-use concept isn’t an option for units, a legitimate recycler should be selected with mechanical operation and infrastructure in place to dismantle devices, remove hazardous waste and sort materials into different shredding fractions
If a re-use concept isn’t an option for units, a legitimate recycler should be selected with mechanical operation and infrastructure in place to dismantle devices, remove hazardous waste and sort materials into different shredding fractions. Gaining secondary raw materials out of shredded material has also a decisive impact on the protection of our environment, for instance in the reduction of CO2 emissions, as much more CO2 emissions are produced in case of the production of completely new material. As for PCs and other devices that have a hard drive, the easiest way to destroy private information is to have the hard drive shredded. There are authorized recycling firms that can can destroy all drives for you. They will place devices into a shredder, making it impossible for anyone to recover any information from it.
Finally, some advice for your future business. You should review security standards implemented and maintained by your recycler and make sure that standard processes such as Information Security Management System (ISO 27001) and ISO 66399 are implemented in the recycling operations. You don’t have to compromise on your recycling processes from a security and environmental aspect. As long as you make an effort, you can keep both your private information and your environment safe.
To obtain more information about CIRECON, click here
 https://www.securingindustry.com/food-and-beverage/cargo-theft-report-sees-increase-in-hijackings-in-2019/s104/a11363/#.X5qMmYhKiUl, 29.10.2020
 The Global E-waste Monitor 2020 – Quantities, flows, and the circular economy potential, S.15