Risky Or Responsible? Understanding And Avoiding The Perils Of Improper E-Waste And Data Management

Electronics laying in piles by a recycling bin.

Introduction

When it comes to the disposal of unwanted electronics and materials, most businesses, organizations, and individuals want to do the right thing. Yet, almost on a daily basis, the news media contain reports of illegal e-waste disposal or export.

In fact, millions of tons of e-waste end up in landfills or are shipped to developing countries every year. The chemicals contained in electronics, including lead, cadmium, chromium, mercury, bromated flame retardants, and polychlorinated biphenyls (PCBs), pose a huge threat to the environment and human health.

Also at risk is the security of sensitive consumer data from retired devices that are improperly handled. In 2018, each data breach cost U.S. companies an average of $7.9 million, according to Forbes magazine.

Outsourcing electronics and materials lifecycle management to an outside vendor does not necessarily reduce these risks. Too many of these vendors have determined that the improper handling and disposition of e-waste is more profitable than adhering to ethical practices and regulatory requirements.

Outsourcing also does not shield you from liability. When you hire an unethical, noncompliant vendor, you expose your organization to a broad array of negative consequences, which may include substantial fines, lawsuits, a tarnished reputation, and the loss of customers, sales, and revenues.

This white paper is intended to help you better understand the risks of improper e-waste and data management. Just as importantly, it provides benchmarks to evaluate potential electronics and materials lifecycle management vendors or to review the performance of your current vendor.

Finally, while risk reduction may be the primary focal point, this paper discusses opportunities to realize value, including return on investment, from your electronics and materials lifecycle management vendor.

Impacts of High-Risk Practices in Electronics and Materials Lifecycle Management

Many businesses and organizations do not recognize the far-reaching consequences when electronics and other materials are improperly — in many cases, illegally — discarded or exported. Furthermore, there’s a widespread lack of understanding about culpability when a violation occurs.

The impacts of unethical and noncompliant e-waste practices occur at multiple levels: environmental, human, social, and financial — and the repercussions for offending entities can be severe and long-lasting.

Improper disposal

The U.S. recycles only 12.5% of e-waste, according to the Environmental Protection Agency (EPA). And, while e-waste represents about 2% of America’s trash in landfills, it accounts for about 70% of the country’s toxic waste, reports the website dosomething.org.

Toxins from e-waste, which include lead, cadmium, chromium, mercury, bromated flame retardants, and PCBs, pose a significant threat to the environment and human life when those substances find their way into the nation’s soil, water, and air.

Unfortunately, many businesses and organizations, as well as electronics and materials lifecycle management vendors, have determined that unethical or illegal dumping is far less costly (and more profitable) than adhering to environmentally sound practices — that is, until they are caught breaking the law.

Violations of the Clean Air Act and Clean Water Act may result in fines of nearly $94,000 and $51,000, respectively, per incident. State fines and civil damages may also come into play, compounding the financial payouts for offenders.

The following recent case illustrates the perils of illegal e-waste disposal:

In California, a major grocery store retailer and two other companies under its ownership paid more than $1.6 million to settle allegations of improper disposal of electronics and other hazardous waste. As part of the settlement, the companies paid $1.2 million in civil penalties, $202,800 to reimburse the costs of the investigation, and $237,900 to fund supplemental projects furthering consumer protection and environmental enforcement.

Illegal export

Perhaps even more prevalent than improper domestic disposal is the export of e-waste to developing countries, most commonly to the informal recycling sectors of Asia and West Africa. In fact, the United Nations estimates that up to 50% of U.S. e-waste is shipped overseas to economically developing countries.

Much of this exportation occurs in violation of the Basel Convention on hazardous waste, a treaty that restricts the exports of e-waste and that has the support of 186 parties.

As with improper disposal domestically, the motivation for e-waste export is purely financial. But the costs can be enormous, both in terms of environmental degradation (the burning and dismantling of e-waste is one of the main contributors to atmospheric pollution) and the health effects for people, particularly individuals involved in the unregulated recycling and open burning of e-waste.

Whether it’s landfilled, burned, or improperly recycled, e-waste poses a broad spectrum of environmental and health hazards. For example, the open burning of printed circuit boards releases a toxic plume containing chemicals such as tin, lead, brominated dioxins, beryllium, cadmium, and mercury into the atmosphere. People who inhale these substances may experience numerous health effects, including damage to the central and peripheral nervous systems from lead and mercury, as well as an increased risk of cancer from exposure to cadmium.

Businesses and organizations that participate in the illegal export of e-waste face harsh consequences. For example:

The owner of a Colorado-based IT asset disposition (ITAD) company was sentenced to 30 months in federal prison. His company billed itself as an e-waste recycler but, in reality, had been selling electronic waste to overseas buyers. The ITAD company was also sentenced to pay a $4.5 million fine, and the owner was sentenced to three years probation for fraud and international environmental crimes.

Data breaches

Cybercriminals are constantly adopting new “attack vectors” in an effort to steal sensitive data, driving IT departments to devote enormous resources to strengthening the cybersecurity of their devices and networks.

In many cases, however, relatively little thought is given to the data residing on retired IT assets. And it’s not just hard drives that are susceptible to data breaches; other items with sensitive corporate and consumer information may include flash drives, CD-ROMs, floppy disks, and data tapes.

A large percentage of companies and organizations rely on electronics and materials lifecycle management vendors to destroy or scrub data from these devices and media. But how do you know whether a vendor is following industry best practices and regulatory requirements that ensure data security throughout the e-waste disposition process and ultimately the complete erasure of this data?

Violations stemming from lax data security practices can result in severe penalties under various laws and regulations. Following are some of the fines that may be levied against institutions for data breaches:

  • $5 million per violation under the Sarbanes-Oxley Act
  • $100,000 per violation under the Gramm-Leach Bliley Act
  • $50,000 to $1 million per violation under the Health Insurance Portability and Accountability Act (HIPAA)

These violations also may result in individual penalties, prison terms, civil fines, cease-and-desist orders, and other actions.

Adding up the costly and far-reaching consequences

If your business or organization is found culpable in the improper or illegal disposition of electronics and other materials, financial penalties may be just the start of your troubles. As discussed previously, other consequences include civil fines, lawsuits, and prison time.

Remember, too, that even if your electronics and materials lifecycle management vendor is held legally responsible for violations, your business or organization may be held accountable in the court of public opinion. For instance, if the vendor is caught improperly exporting laptops with asset tags that track back to your company, you will almost certainly share in the negative publicity. Consider the possible ramifications:

  • Damage to your brand and reputation, which may have taken several years to build
  • A reduction in sales to current customers — some of whom may pull away from you entirely
  • Alienation of potential new customers, hampering business development activities
  • Disruption to business operations, along with reduced productivity, as staff are obligated to respond to violations and perform damage control
  • A net negative impact on your bottom line that may persist for years to come

Considering all the costly repercussions of improper e-waste and data management, it clearly makes sense to partner with a vendor that can handle these responsibilities in a legal, ethical, and effective manner.

The question now becomes: How do you evaluate potential vendors and choose one that will consistently act in your best interests, in a way that minimizes your risks and maximizes your return on investment? Standard criteria, such as work history, references, years in business, and industry reputation, are good starting points. But your evaluation also should encompass benchmarks that pertain specifically to e-waste and materials management.

Minimizing Risks: 7 Benchmarks for Choosing the Right e-Waste Management Vendor

The risks associated with e-waste management are myriad. But this doesn’t mean you can’t minimize those risks by selecting a vendor that lives up to several key benchmarks.

Benchmark #1: Ability to manage the full chain of custody

“Chain of custody” refers to the start-to-finish journey of an electronic device or other materials, including pickup or drop-off, facility-to-facility transport, data sanitization and/or destruction, asset remarketing and resale, and end-of-life recycling. Most vendors outsource one or more steps in the chain of custody, although they may not readily disclose this information. Outsourcing creates risk, especially when sensitive data is involved, because even if your vendor follows all regulations and best practices, you may not have the same assurance with downstream vendors. And the more vendors involved, the greater the risks.

Ideally, choose a vendor that has control and oversight of the entire chain of custody. If downstream vendors are involved, make sure they receive the same thorough vetting as your primary vendor.

Benchmark #2: Environmental and data security certifications

The most reputable vendors (and any of their downstream vendors) are certified by several nationally recognized governing bodies, reflecting their compliance with environmental laws and the highest data security standards. Look for the following certifications:

  • National Association for Information Destruction (NAID)
  • R2 (independent industry certification by Sustainable Electronics Recycling International)
  • e-Stewards (independent industry certification)
  • ISO 9001 (quality management standard)
  • ISO 14001 (environmental management)
  • OHSAS 18001 (health and safety management)
  • International Traffic in Arms Regulations (ITAR)

Be wary of vendors that use the terms “comply with” or “adhere to” when referring to these standards. Without full certification, you cannot be certain that the vendor is truly living up to the organization’s requirements.

Also, ask for proof of compliance with local, state, and federal environmental regulations. For example, are the vendor’s facilities and processes audited by the state department of natural resources or other official agencies? Does the vendor audit all subcontractors that handle hazardous materials? Does the vendor have a strict no-landfill policy?

Benchmark #3: Multifaceted data security practices and processes

Besides protecting environmental and human health, nothing is more important in the e-waste management process than safeguarding organizational and customer data. And, while most vendors proclaim “your data is safe with us,” the proof is found in the number and quality of the security measures taken. Diligent vendors aggressively address data security from a number of angles, including:

  • Sanitizing or destroying data on any device in strict compliance with Department of Defense, National Institute of Standards and Technology (NIST) 800-88 and NAID standards
  • Training personnel in receiving, sorting, and teardown to conduct thorough checks of all data storage media
  • Conducting criminal background checks, extending back at least seven years, of all employees and job applicants involved in the e-waste management process
  • Using sufficient surveillance cameras in storage and processing facilities; monitoring should be handled by a third party, and footage should be retained for a minimum of 90 days

Benchmark #4: Organization-wide commitment to strong ethics

In their sales presentations, many vendors claim to possess a strong commitment to the highest levels of environmental and social ethics. But is there a disconnect between what they say and what they actually do?

In their e-recycling hierarchy, do these vendors focus on reuse first, followed by material recovery and recycling? A good indicator of this is whether they have a recovery division, where items are refurbished for resale, in full compliance with industry certifications, regulatory standards, and data security requirements.

Finally, how are environmental and social commitments demonstrated outside the sphere of the electronics and materials lifecycle management business? In other words, how is the company giving back to the community? This can take many forms, from planting trees in the community to funding literacy programs in developing countries.

Benchmark #5: Full visibility to customer data and processes

Given the potentially severe consequences for noncompliant or unethical practices, you need ironclad assurances that your e-waste has been properly and securely managed at every point in the chain of custody. Your vendor should be able to provide visibility to critical documentation, including:

  • Exactly what is being processed or managed by the primary vendor and what’s being sent downstream
  • Certificates of recycling and data destruction, including total weight of recycled materials and serial numbers
  • A bill of lading that includes pickup details for every shipment
  • Audit reports that include manufacturer name, model number, serial number, asset tag number, weight, and the resale value of qualified units
  • Remarketing settlement summaries that include manufacturer name, model, serial number, weight, product type, and resale value

Your vendor also should be completely transparent regarding any changes in its processes, which can significantly affect compliance with state and federal laws. Moreover, the vendor should provide notifications of changes in processes or downstream vendors, according to a specified timeframe. NAID certification requires these notifications; however, the requirement should extend to non-NAID vendors, too.

All of these and other deliverables, as well as penalties for noncompliance, need to be fully detailed in your contract with the vendor.

Beyond contractual language, evidence of full visibility can be found in whether the vendor embraces an “open door” relationship with its customers; good indicators of this include:

  • Offering an online customer portal that allows you to track your assets in real time, submit work orders, and view other account information anytime it’s convenient for you
  • Inviting you to the vendor’s facilities, giving you an opportunity to see firsthand how materials are processed and whether these practices conform to promises made by the company

Benchmark #6: Proven track record with local governments

Recycling programs can create significant risk for municipalities, counties, and other local governments. You can mitigate this risk by carefully researching potential e-waste recycling partners. Ask a lot of questions, including:

  • Do they possess nationally recognized environmental and data security certifications (as discussed under Benchmark #2)?
  • What is their financial and legal history over a span of at least five years of partnering with local governments?
  • Do they make statements that seem too good to be true? (Be especially skeptical of “everything is free” — a responsible vendor will incur significant cost that’s typically shared with the customer.)
  • Can you conduct audits to verify that materials are being appropriately recycled and not exported to other countries?
  • Do they audit their partners to ensure the proper disposition of commodities? How often do these audits occur?
  • If you visit them personally, does the facility seem to be well-organized with materials properly stored? Do they follow security best practices, including the use of locked facilities, surveillance cameras, and employee badges? Are employees using adequate personal protection equipment?
  • Are they “plugged in” to industry best practices and legislative/regulatory changes? How active are they in industry associations, training sessions, and events?
  • Can they provide references to demonstrate proof of responsibility, financial stability, responsive customer service, and an overall good track record?

Benchmark #7: Adequate liability insurance and closure plan

Despite every effort to minimize the threats, no e-waste management system is 100% free from risk. Given what’s at stake, insurance is a must. Sustainable Electronics Recycling International (R2 certification) and e-Stewards require proof of insurance that covers liability, environmental pollution, workers’ health, and transportation. They further stipulate that coverage amounts should be based on each vendor’s risk assessment. Look for a vendor that exceeds these minimum requirements and includes coverages for cyber security and professional liability.

Verify that the vendor’s insurance covers the entire chain of custody, including materials that are managed by downstream partners and at non-owned disposal sites. Due diligence in this area also should include checking for compliance with any applicable local, state, or federal regulations.

Just as importantly, find out whether the vendor has a financially guaranteed closure plan. In the event that the company ceases operation, a closure plan ensures the proper shutdown of facilities and prevents the abandonment of electronics. It should cover the cost of processing any remaining inventory and any cleanup that may be required to return the facility to a usable condition.

Be aware that, without adequate insurance and closure plan, collection sites may be held liable for improper disposal by their partners, and manufacturers may be held responsible for any materials that are inappropriately processed through state-funded recycling programs.

Maximizing Value: 3 ‘Bonus Benchmarks’ for Realizing the Highest Return on Investment

At this point, we hope it’s clear that a cut-rate electronics and materials lifecycle management vendor may not be such a good deal after all, especially when you consider the many costly consequences that can result from the improper disposition of e-waste or breaches of sensitive data. At the same time, your vendor should deliver a high degree of value — and potentially even revenue to your top line.

Following are “bonus benchmarks” for choosing a vendor that will provide the highest possible value and return on investment.

Bonus benchmark #1: IT asset resale and material recovery Many businesses and organizations don’t recognize how much latent value is concentrated in their unwanted laptops, desktops, servers, networking equipment, mobile devices, and other IT assets. The realization of this value can contribute revenue to your top line, helping offset the costs of an e-waste management program. Look for a vendor with extensive experience in value recovery. This takes three main forms:

  • Refurbishing and reselling hardware to wholesale and retail buyers
  • Recovering IT components, such as memory, processors, and circuit boards, for remarketing
  • Recovering materials, including precious metals and non-ferrous scrap, for sale to processing facilities

Secondly, seek a vendor with a robust revenue-sharing program for items or materials that have value. Typically, vendors will share anywhere from 50% to 75% of the net sale price. Other considerations include the diversity of the hardware handled by the vendor and the size of the vendor’s wholesale and retail network.

Bonus benchmark #2: All-inclusive pricing

Under a multi-vendor scenario, you may end up paying a higher total price for all the services involved in the e-waste management process. A “one-stop shop,” on the other hand, may offer bundled pricing that covers all the services you need. Regardless of which vendor model you choose, be sure to get pricing upfront, in writing.

Bonus benchmark #3: Capabilities and geographic footprint

How much is your time worth? Working with a vendor that has limited capabilities will require you to spend more time managing multiple vendors or internal processes. By contrast, a vendor with expertise in all phases of the program can alleviate much of this burden and save you considerable time. Also, if you require services in various parts of the country, choose a vendor with a nationwide footprint; you’ll avoid the time and hassle required to manage multiple vendors that serve limited geographic areas.

Key Takeaways

For a growing number of businesses and organizations, electronics and materials lifecycle management has become an increasingly strategic focal point — with good reason.

On one hand, you see what can happen when e-waste is an afterthought or when the selection of an electronics and materials lifecycle management vendor is based purely on price. Operating within these shortsighted parameters increases the potential for mismanagement, which magnifies the risk for any or all of the following:

  • Steep financial penalties
  • Lawsuits
  • Prison time
  • Damage to brand and reputation
  • Loss of customers and new business
  • Disruption to normal business operations
  • Cease-and-desist orders

In many cases, the cumulative damage is severe, long-lasting, and difficult, if not impossible, to repair.

The good news is, these harsh outcomes are almost entirely avoidable. As a first step, it’s important to understand that your business or organization probably isn’t equipped to handle electronics and materials lifecycle management internally. There are simply too many logistical challenges, too much investment required, and a myriad of complex laws and regulations to satisfy.

So then the question becomes: How do you identify a vendor that can assume the burden of electronics and materials lifecycle management in a manner that’s legal, ethical, and effective?

This white paper presented seven benchmarks for evaluating potential vendors:

  1. Is able to handle the full chain of custody for electronics and materials disposition
  2. Has environmental and data security certifications from nationally recognized governing bodies
  3. Uses a multifaceted approach to protecting organizational and customer data
  4. Demonstrates an organization-wide commitment to strong environmental and social ethics
  5. Provides you with full, easily accessible visibility to every point in the chain of custody and, even better, offers an “open door” relationship with customers
  6. Has a proven track record with local government e-waste recycling programs
  7. Carries adequate liability insurance covering data breaches and e-waste pollution, along with a financially guaranteed business closure plan

Lastly, while price should not be the sole or main criterion for your vendor selection, it’s reasonable to expect value and potentially even a return on investment. This is possible with a vendor that:

  • Has an IT asset resale and material recovery program, with a revenue-sharing component
  • Offers all-inclusive, or bundled, pricing for a comprehensive set of e-waste management services
  • Saves you time by possessing expertise in all phases of electronics and materials lifecycle management and by maintaining a large geographic footprint

About Dynamic Lifecycle Innovations

Dynamic Lifecycle Innovations is a full-service electronics and materials lifecycle management corporation specializing in IT asset disposition, electronics recycling, legislative compliance, product refurbishment, remarketing and resale, materials recovery, and data security. We create customized service packages designed to safeguard sensitive data and protect the environment from e-waste and other pollutants.

Our commitment to data security, environmental protection, and the health of individuals involved in e-waste processing is demonstrated in our many certifications and registrations, including NAID, R2, e-Stewards, and ITAR.

Since Dynamic’s inception in 2007, the company has become an industry leader by constantly refining our services and processes as we gain new insights into materials lifecycle management. We strive to foster authentic, meaningful relationships with our clients, maximize their value recovery, ensure their organizations’ assets and data are properly disposed of, and deliver the security they need to know the job is done right. Our goal is to create an exceptional experience every time we interact with our customers, and we strive to deliver top-quality services with passion, integrity, transparency, and environmental responsibility.

Dynamic Lifecycle Innovations is headquartered in Onalaska, Wisconsin, with additional facilities located in Nashville, Tennessee.