This is the third post in our blog series about choosing an OEM legislative compliance partner. You can read the first article here and the second article here.
For original equipment manufacturers (OEMs), the focus of state-legislated recycling programs extends beyond the compliant processing of hardware and keeping electronics out of landfills; it also encompasses the secure handling of data contained on that hardware.
In a perfect world, consumers will have completely erased any sensitive personal data from these devices before drop-off at collection sites. Unfortunately, this doesn’t always happen, leaving data vulnerable to breaches.
As an OEM, you may or may not be legally liable for stolen data on devices turned in for recycling by consumers. However, a data breach involving one of your products or programs could, at minimum, generate negative publicity that damages your brand and company reputation.
The right legislative compliance partner can be a trusted ally in protecting sensitive personal data on discarded devices— a benefit for both your customers and your company. So, which qualities and capabilities specific to data security should you seek in a partner? Here are several that are especially crucial:
- Third-party certifications. Most states require recyclers to have certifications such as R2 or e-Stewards®, which demonstrate a strong overall commitment to the responsible management of end-of-life devices and the data they contain. For added assurances of the most stringent data management and destruction practices, look for certification by the National Association for Information Destruction (NAID).
- Proof of data destruction. The vendor should provide a certificate of recycling/destruction (COR/COD) to verify that data storage components have been managed appropriately through end-of-life processing.
- Pervasive commitment to data security. Data security should be one of the partner’s core competencies, not an afterthought. Besides NAID certification, telltale signs of this commitment include compliance with NIST 800-88 Guidelines for Media Sanitization and Department of Defense standards for data destruction. Also, find out whether the partner carries adequate cyber liability insurance.
- Robust, seamless menu of services. Ideally, choose a partner that handles a comprehensive set of program management and e-recycling functions. This helps ensure compliant data management best practices, as well as full visibility, through a device’s full chain of custody.
- Secure transportation services. Transporting data-bearing devices from a collection site to the recycling facility is inherently risky. Your legislative compliance partner can significantly reduce this risk by providing secure transportation throughout the chain of custody.
- Adaptation to evolving trends. Personal data resides on an ever-growing list of electronic devices, thanks in large part to the development of IoT (internet of things) products — for example, “smart” refrigerators that communicate with smartphones. Your partner should see these evolving trends, understand the implications for data security and be able to respond accordingly.
Consider our commitment to data security.
At Dynamic Lifecycle Innovations, data security is one of our top competencies and priorities, and we’re ready to apply our expertise to your legislative compliance needs. I encourage you to download our “Legislative compliance for OEMs” information sheet and then contact us if you have questions or if you’d like to explore a partnership with Dynamic. By request, we can connect you with one of our reference OEMs; we’d also be glad to have you visit and get an up-close look at our operations.
Amanda Buros is the director of program compliance at Dynamic Lifecycle Innovations. You can reach her at [email protected].