If your computer keyboard is nearby, take a look at the alphanumeric keys. If you break a hard drive into pieces that small, data can still be recovered from them. In order for data to be unrecoverable, you have to break a drive into pieces a quarter inch or smaller. That's roughly the size of an eraser on a pencil.
That's one surprising fact that I learn recently talking with Chris Adam, director of IT asset management at NextPhase. After reading last month's column about how individuals can do some spring cleaning and get rid of old computers sitting at home gathering dust, Chris contacted me wanting to know whether I'd be interested in learning more about how companies can do their own spring cleaning. I took him up on his offer.
Citing a Gartner report, Chris noted that companies and individuals worldwide are expected to replace more than 1 billion PCs during the next three years. No doubt, companies will account for most of that billion.
Companies can dispose of outdated computers several ways, including donating them to charity, reselling them to individuals (e.g., employees) or organizations, disassembling them into separate components and selling those components, and recycling computers into raw materials. Understandably, the U.S. Environmental Protection Agency (EPA) prefers that you try to reuse or recycle electronics rather than putting them in a landfill ("WasteWise Update: Electronics Reuse and Recycling").
However, deciding the best way to dispose of old computers isn't always easy. Companies need to be aware of federal environmental regulations, such as the EPA's Electronic Code of Federal Regulations (e-CFR), Title 40, Parts 261 and 262, which concerns the proper handling of hazardous materials. They also need to know about any state environmental regulations. Failure to comply with federal and state environmental regulations can lead to hefty fines.
Equally important, companies need to be aware of the importance of removing sensitive data. According to Chris, when it comes to computers, you can transfer the title but not the liability. In other words, companies are liable for any confidential data on their computers, even if the computers are resold. For example, suppose that a company reformats the hard drives of some outdated computers, then holds an employee sale to dispose of them. An employee buys one of the computers but finds she never uses it, so she sells it a garage sale. Unbeknownst to the employee, the person who bought it is a computer whiz who isn't exactly on the up and up. He takes it home, recovers parts of the hard drive, finds some credit card numbers of customers who did business with the company, and goes on a spending spree. That company would be liable if the case went to court.
"Ultimately, the most expensive cost associated with PC disposal is the cost for failure to dispose of PCs (and the data residing on the drives) appropriately," according to the Gartner report "How Companies Get Clever With IT Asset Disposal." Fortunately, companies don't have to go it alone when trying to figure out how to properly remove data and dispose of old computers. Outsourcers such as NextPhase, a provider of end-of-life IT asset management services, can help. NextPhase can walk large companies through the entire process, from deciding the most effective course of action to carrying out that decision. For example, if a company wants to resell its old computers, NextPhase will pick up those computers, remove all the sensitive data, then try to resell the computers on the global market, passing any remarketing profits to the company. If a company has extremely sensitive data, NextPhase can even provide its services at the company's facility, including trucking in a huge grinder that will pulverize hard drives into pieces no larger than a pencil eraser.