When your IT device goes off-line and is no longer being used, does your organization have a plan in place to properly destroy the data and/or device? Does your plan
include how to get rid of old and used equipment securely.
The proper handling of IT assets that are no longer being used is the first step to ensuring your company does not incur a major data breach. An IT Asset Disposition (ITAD) program can help you avoid data breaches and ensure that the disposition goes smoothly.
Let’s take a look at the most overlooked part of data security and what you need to know to keep your data secure.
The Major Blooper
Morgan Stanley, a giant in the financial industry, made a very expensive mistake in 2016. In order to cut down on costs, they switched ITAD providersand it led to a major security breach of their customers’ information.
In 2020 (the most dreadful year), they alerted their customers about the data being mismanaged (and compromised). Lack of sanitization of the devices led to loss of customer data – all this happened just because they switched to a ‘non-experienced’ ITAD provider.
Well, the big blooper is the following: Morgan Stanley had to pay a $60 million fine for mismanaging their customers’ data…..and they are still neck-deep in legal work.
Here’s where they went wrong: they hired a company with zero experience in data destruction. The company didn’t destroy the data and sold the devices to different subcontractors with their customer’s information still residing on the devices.
The whole idea of sharing this major blooper with you was to reiterate why a reliable ITAD provider is essential in order to ensure that confidential data is never compromised. Utilizing an inexperienced ITAD provider can lead to never-ending legal ramifications and a major loss of money to your company’s bottom line.
Lesson Learned the Hard Way
There is a lesson in this for every big and small company out there. First, you must work with a legit ITAD provider. There are many of them out there, but choosing the right one will help in making or breaking your business. Morgan Stanley tried to take a shortcut by working with an ITAD provider that charges less for their services…and we all know how that turned out. You don’t want any legal or environmental consequences, so going the least expensive route, doesn’t mean you’ll always save money.
The second learning is that a good ITAD provider should follow best practices to keep their client’s data secure. They must work with your organization to create a safe and efficient program that works for you and your company. Don’t let them cut corners as that could lead to major legal ramifications.
What to Look for in an ITAD Company
The role of an ITAD company is to ensure that all data and assets are properly accounted for and disposed of in a secure and compliant manner. This includes ensuring that data is erased or destroyed in accordance with applicable laws and regulations and that all assets are properly tracked and accounted for throughout the disposal process.
An ITAD company can help your organization mitigate risk by providing a secure and compliant solution for disposing of data and assets. By working with an ITAD company, you can be sure that your data and assets will be handled in a safe and compliant manner. There are many ITAD companies that offer a broad range of services to their clients, but at OceanTech we specialize in risk mitigation, chain of custody, and compliance.
- Risk Mitigation: OceanTech has a proven track record of helping companies mitigate the risks associated with data breaches and other cybersecurity threats. Every data containing device that passes through our facility receives compliant, top-notch data destruction. This includes hard drives, laptops, smartphones, and any other devices that may contain sensitive information.
- Chain of Custody: OceanTech provides an industry-leading chain of custody solutions that ensure your data is protected at every step of the ITAD process. Our team of certified professionals will work with you to create a custom solution that meets your specific needs.
- Compliance: OceanTech helps companies ensure compliance with data privacy regulations such as GDPR and HIPAA. We do this by maintaining R2:2013 Responsible Recycling, ISO 14001:2015 Environmental Management System and ISO 45001:2018 Occupational Health and Safety Management System certifications.
Concluding Thoughts
The data decommissioning process is serious business! One mistake could cost you millions. In September, 2022 Morgan Stanley paid another $35 million fine over IT asset disposal failure during its data center decommissioning projects. They were accused of failing to protect the data of millions of customers.
Don’t be next on the list. Choose an experienced ITAD provider that meets or exceeds all industry standards and data destruction regulations.