Electronic waste, or E-waste, is a growing and global issue. In January 2019, the World Economic Forum (WEF) and the United Nations E-waste Coalition found that approximately 50 million tonnes are produced each year – most of which is either incinerated or dumped in the landfills of the world’s poorest countries.
Since the start of the Covid-19 pandemic and the consequent shift to home working, much of the tech people used in their day-to-day work lives – desktop PCs, network equipment, on-premise servers, and so on – has been left behind in offices, all while enterprises have had to equip their employees with replacement hardware so they can continue working remotely.
The need to provide remote workers with replacement technology caused a massive spike in demand for equipment, according to Fredrik Forslund, director of the International Data Sanitisation Consortium (IDSC) – a firm which seeks to educate organisations and standards bodies about the permanent eradication of data.
“All second-hand gear sold out, the whole industry globally saw every inventory selling out, and the demand was sky high and could not be met by the second-hand market or the first-hand market. The demand spike was enormous,” he says, adding that the flood of replacement hardware means there is going to be “an enormous amount of infrastructure” that will need to be recycled or re-used.
To find out how enterprises can deal with the e-waste problem – which was already significant before the pandemic prompted a huge procurement push for replacement hardware – Forslund and Rohini Khanduri, a director at IT Asset Disposition (ITAD) firm Ingram Micro, spoke to Computer Weekly about how organisations can approach dealing with their equipment sustainably.
Data sanitisation and ecolabels
When equipment reaches the end of its usefulness, organisations essentially have three options – destroy, recycle or reuse.
In terms of the difference between the latter two, Khanduri says although both serve the same goal of getting the equipment back into the market, reuse is about re-deploying the same device while recycling is about breaking it down to its raw materials so they can be redirected back into the manufacturing cycle.
“It’s about getting it back into the ecosystem and avoiding landfill as much as possible, which is what affects the environment,” she says.
Forslund, who is also vice-president of enterprise cloud and datacentre erasure solutions at data erasure services firm Blancco, adds: “The computer manufacturing process eats up approximately 80% of all energy and resources consumed through the entire life cycle of a computer.”
This means reuse in particular is vital to reducing the industry’s emissions and consumption of limited natural resources such as lithium or cobalt – key components in everyday electronic products such as phones and laptops.
However, to safely redeploy equipment, enterprises must first ensure that all data held on the device is irrevocably wiped.
“You have to have your data wiped 100%, and be able to prove it with audit trails on exactly who wiped it, when you wiped it and what happened,” says Khanduri, adding that once wiped, the equipment can get back into the secondary market without the risk of sensitive personal information being carried over and still accessible to the new user.
“If there’s not a wipe solution, we then take it into the next level… [and] send it for physical destruction, but our first goal is always to wipe.”
Rohini Khanduri, Ingram Micro
Forslund adds that while specific kinds of IT assets may require different data sanitisation processes, the overall task remains the same: erase, report and audit.
“If you take one of those things away, the whole chain of custody and the chain of trust falls down,” he says, essentially meaning that the device cannot be safely reused or recycled if there is a risk that the data can still be accessed.
Both Forslund and Khanduri recommend that, to have confidence in these processes, enterprises must perform their due diligence on whichever ITAD firms they end up using to ensure secure processes are being followed and properly documented.
For Forslund, auditing the data sanitisation process can also help to avoid privacy breaches, as “a lot of people and hands are involved” when dealing with end-of-life equipment, “and we see that whenever there is a breach, it’s very much been because of poor physical control”.
He adds that if organisations do not have an audit trail built in, and data leaks as a result of the device’s redeployment, “you have a huge potential loss of goodwill, as well as financial penalties if it’s breaching privacy legislation”.
However, for recycling specifically, organisations also need to know what materials are in the device so that it can be approached safely, as many rare earth metals used in electronics can produce toxic waste if not dealt with correctly.
One solution that has been on the rise is “ecolabels” which, similar to how ingredients are listed on food packaging, lets enterprises know exactly what materials their equipment contains.
“We know exactly what’s inside of food because that has been in demand in the market for a long time,” says Forslund.
“But the same thing is starting to be visible in the IT industry where you have to show that: ‘This product contains the following materials, we stand behind the following production processes, we have been thinking about recycling and next steps, and we know this system can be sanitised and reused.’”
He adds that, on a consumer level, “we have started demanding organic and correctly produced foods [from the food industry], and I think you’ll see the same pattern in everything that we’re consuming – it’s happening in the fashion industry and it’s starting to evolve in the IT industry.”
Sustainability practices need ‘aligned’ approached and C-suite buy-in
For Khanduri, the biggest remaining barrier in getting organistions to adopt sustainable asset disposal practices such as data sanitisation and ecolabels is a lack of awareness.
“We get a lot of requests from our customers about their environmental impact and so on, because a lot of customers don’t really know what to do and where to go, so they rely on us heavily to guide them through these processes and what should be done,” she says.“It would be very helpful for organisations to join and participate in [various consortiums or joint initiatives].”
Forslund also says that companies should come together with a range of other stakeholders to build momentum on these issues, as one company working alone on developing sustainable practices is unlikely to make much of an impact. Through such collaboration, companies could, for example, set procurement requirements throughout supply chains to standardise or certify ecolabels.
“Here, the legislator and the public sector also have responsibility because they are often involved in updating the legislation and updating the requirements on industry,” he adds.
However, to collaborate effectively with others, enterprises must first get on the same page internally about their approach to sustainability.
“I would like to highlight that [sustainability] needs organisational buy-in – you need legal cooperating with corporate governance, cooperating with the finance department, cooperating with the IT operations department – if you don’t have an aligned understanding and priorities that everyone stands behind [it will fail]; we have seen siloed initiatives fail too many times,” he says.
This sentiment was echoed by Khanduri, who says: “If the corporation doesn’t come together, if one person is spearheading it, it’s not going to go very far at all – if it’s a requirement from the top down, then it’s going to happen, and that’s what needs to happen.”