Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data...

24
Data Destruction and The Impact on Recycling

Transcript of Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data...

Page 1: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Data Destruction andThe Impact on Recycling

Page 2: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Data Breaches

• In 2012, over 26M records from 617 data breaches were made public

• Average costs:– $194 per compromised record – $5.5 million per incident

• Damaged trust and reputation• Increased legislation to address:

– Health Insurance Portability and Accountability Act (HIPPA)– Fair and Accurate Credit Transaction Act (FACTA)– Identity Theft and Assumption Deterrence Act (ITADA)– Gramm-Leach-Bliley Act (GLBA)

• More than 46 States have passed legislation requiring owners of personal information databases to notify affected individuals of a data security breach

Page 3: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Where Data Lurks• Data breaches made public were due to hackers• Items for recycling fall outside of established security protocols

– Data not only on computers• Copiers, printers, and scanners

– Employee owned devices (BYOD)• What is the disposition plan for those devices?

• Affinity Health Plan, a New York based not-for-profit managed care plan learned the hard way– Information left on HDD of a previously leased copier

Page 4: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Electronics Recycling Industry

• Electronics recycling is a fairly young industry

• Companies entering the industry could so with few barriers to entry

– Frequently operations are in low-cost spaces with low wages

– Equipment can be as rudimentary as hand tools, pallet jack and pick-up or trailer

• Most recyclers continue to be, “mom and pop” operations with small facilities and fewer than 15 employees

• Easy to Export – US did not ratify rules set by Basel Action Network (BAN)

• Data more valuable than commodities

Page 5: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

What to Look for - Certifications

• R2 & e-Stewards: Recycle Responsibly• ISO 14001:2004 Environmentally Responsible• OHSAS 18001: Safety• TAPA: Transported Asset Protection• Microsoft Authorized Refurbisher: able to load operating system for

refurbished resale.

Page 6: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Transported Asset Protection Association

• HVTT (High Value Theft Targeted) asset theft poses a major problem for many industries

• Theft of electronics and almost any other cargo of value is a daily event throughout the world

• This type of crime leads to potential liability of data breaches and compromised brand integrity

• While government programs such as C-TPAT focus on keeping dangerous items out of the supply chain, TAPA focuses mainly on the issue of theft

Page 7: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Not All About Certifications - Observe

• Perform a Site Visit• Security

– Are there adequate security controls in place? Prevent theft of tablet and HDDs

• Safety– If the company does not care about the safety of their people will

they care about the safety of your data?• Environment

– If the site is careless about the environment will they be careless about your data?

• Employees– Background checked? Prison labor?

• Equipment– Adequately process for secured data destruction?

Page 8: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Found a Recycler, Now What? Protecting data: Three main methods of erasing HD (Magnetic Media)

Page 9: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Clearing

• Ensure information cannot be retrieved by data, disk, or file recovery utilities

• Resistant to keystroke recovery attempts from standard input devices

• Overwriting is one method (software)• Replace written data with random data• Cannot be used for media that are damaged or not writeable• Size and type of media determine if this is possible

Page 10: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Why three passes?

• Some organizations are not specific on number of passes

• When specified, normally three• Why?

– US NIST Special Publication 800-88

Page 11: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

1 1111 1 11 11111111

Page 12: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

1 1111 1 11 11111111

Page 13: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

1 1111 1 11 11111111

Page 14: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Purging

• Process that protects data from laboratory attack using non-standard means

• Degaussing – exposing media (hard drive) to strong magnetic field• Usually destroys drive as key firmware info on drive is destroyed• Ideal for large capacity drives• Eliminates Boot Sector

Page 15: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Destruction

• Ultimate form of sanitization• Variety of methods but

shredding is typical method of destruction

• Shred sizes may vary depending on customers requirements

Page 16: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Hard Drives (non SSD)

Clear• Overwrite media by validated overwriting software

Purge• Use approved degausser on entire HD unit or disassemble HD and purge

platters

Shred• Shred• Commodity separation• Material sent to proper metal smelter

Page 17: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Cellphones/Tablets/Flash Drives

Clear• Delete all memory (internal and external)• Perform manufacturer reset• Use of external software

Purge• Same as clear

Shred• Remove battery and shred device• Device shredded and processed at precious metal smelter

Page 19: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

How to Minimize Impact

Managing carbon footprint with efficient logistics

And following the three R’s Reduce – Reuse – Recycle

Page 20: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Drivers of Recycling Costs

Mechanical destruction consumes more energy than reusing

Reusing electronics can save 5-20 times more energy than recycling (eassetsolutions)

500%Savings

Page 21: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Why Recycle Locally and Not Export Whole?

• Processing, shredding, and sorting– Increases security – Do you want your data sent to out of

country on an un-wiped drive?

SRS

Other ?

Page 22: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Beyond Data Destruction - Benefits

• Recycling 1 million laptops saves the energy equivalent to the electricity used by 3,657 US homes in a year (Dosomething)

• One metric ton of circuit boards can contain 40 to 800 times the amount of gold and 30 to 40 times the amount of copper mined from one metric ton of ore in the US. (EPA)

• Overall, the processes used to make consumer goods from recycled material instead of raw resources is much more energy and water efficient (ecocycle)• Paper 60-70% less energy than Virgin Pulp and 55% less water

• EPA tool to calculate energy savings from recycling: http://ecocycle.org/ecofacts

Page 23: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Certificate of Sustainability

• Certificate of Sustainability• Provides customers with a

view of four energy equivalency savings due to electronic waste recycling• Gallons of Gasoline Saved• Barrels of Oil Saved• Trees Planted• Gallons of Water Saved

• Calculations sourced from v3 of the Electronics Environmental Benefits Calculator from U.S. EPA

Page 24: Data Destruction and The Impact on Recycling. Data Breaches In 2012, over 26M records from 617 data breaches were made public Average costs: –$194 per.

Q&A