Transcript Document

How End-of-Life IT Management Can Protect
Data and Help Lower our Carbon Footprint
DCM 5.5 Operations with Justin Tinkle,
Director Of Sustainability, DMD Systems Recovery
Topics to be Covered:
1.
Embodied Energy
2.
Social and Environmental
Responsibility
3.
Data Security
4.
Legislation and Certifications
5.
Choosing an ITAD Provider
What is End-of-Life-IT Management?
 IT Asset Disposal (ITAD)
 Computer Refurbishment
 Electronic Asset Disposal (EAD)
 Systems Recovery
 Reverse Logistics
 Disposition Services
 Electronics Takeback
 Technology Decommissioning
 E-waste Recycling
 Equipment Demanufacturing
The level of responsibility an organization is willing to
accept for the disposal of their electronic assets.
Some IT Devices that Require End-of-Life Management
Servers
Computers
Storage Devices
Monitors
Networking
Devices
Circuit Boards
Cables
Responsible End-of-Life Management Practices
Formulate policies, practices, and strategic decision making that
effectively mitigate the negative social and environmental
externalities of electronics disposal.
Did you know….
82.3% (2.59
out of 3.19
million tons)
of e-waste
generated in
2009 went into
landfills and
incinerators,
and 17.7% was
exported. (EPA)
The average cost of non-malicious data breaches:
$470,000. However, the most serious consequences
reported are lost reputation and brand value/image.
(“The Post Breach Boom”, Ponemon Institute, 2013)
Guiyu, China (the unofficial E-waste
capital of Asia):
• Has the highest levels of cancer
causing dioxins in the world
• 7 out of 10 kids have too much lead
in their blood
• Pregnancies are 6 times more likely
to end in miscarriage
• Rivers are so contaminated that
drinking water must be trucked in
(60 Minutes: The Electric Wasteland)
E-waste is the fastest growing component
of municipal waste, we throw out about 130
computers everyday in the US alone.
(60 Minutes: The Electronic Wasteland)
Manufacturing the
average desktop
computer and 17inch CRT monitor
uses:
• 530 Ibs. fossil
fuels
• 50 Ibs.
Chemicals
• 3,330 Ibs.
water.
(Eric Williams Ph.D, ASU
Global Institute of
Sustainability)
Section 1:
Embodied Energy
Embodied Energy—
All of the energy that goes into the production process,
cumulatively from raw material to marketable product.
 Average product
fossil fuel to
product weight
ratio: 2:1
Due to embodied energy in semiconductors and more
increasingly, nanomaterials, modern computers are
even more energy intensive to produce.
 Computer fossil
fuel to product
weight ratio: 12:1
What other components of a computer have
high embodied energy proportions?
 Microprocessors
 CPUs
 GPUs
 Nanomaterials
 Electronic Grade Silicon
 Effective air processors
 Air circulation systems
 Microchips
…
Embodied Energy in a Microchip
2-gram microchip in
2002…
 The RAM in a typical personal computer today
contains 18-36 2-gram microchips.
 The energy used to produce typical laptop
RAM is enough energy to power a 30-watt
laptop nonstop for 500 to 1,000 days.
Needs 1.6 kg fuel for
every 2 gram of
microchip, or
800 kg fuel to produce
1 kg of microchips
(800:1 ratio)
“The embodied energy of the
memory chip alone already
exceeds the energy
consumption of a
laptop during
its life expectancy
of 3 years.” (Kris De Decker, 2009)
Why Recycling is Not Enough
 Server life expectancy is 3-5 years, depending on
how demanding their applications are.
 Overall energy use: 83% production, 17%
operation.
 The best way to lower the ecological
footprint of any electronic device is
to extend its usable lifespan.
The Electronics Environmental Benefits Calculator (EEBC)
 Estimates environmental benefits of greening the
purchase, use and disposal of electronics.
 Specifies environmental attributes
(e.g., the elimination of toxic chemicals, the use of
recycled materials, power consumption).
 Specifies product management activity (e.g., power
management, equipment reuse and recycling).
 Translates attributes and activities into environmental
benefits.
Case Study
Life-Extending Options
 Redeployment
 Lease Return Management
 Systems Imaging
 Selling to Employees
 Warranty look-up and
Provisioning
 Software Harvesting
 Donating Useable Equipment
 Trade-In-Management
Sustainability Reporting
 How can your company lower their carbon footprint, prepare for
the possibility of a carbon tax, and enhance their reputation as an
environmental leader?
 End-of-Life IT management
Carbon offset credits
Section 2:
Social and Environmental
Responsibility
Economics of Social Injustice within E-cycling Trade
“Recycling in the developing world at a net profit versus
recycling in the U.S. at a net cost creates a market dynamic
for exporting electronics to the developing world.”
(Professor Eric D. Williams, ASU)
Developing World
 Lower labor costs
 Higher demand for reused
products and parts
 Less stringent environmental
protections
Guiyu, China
©2008 Basel Action Network (BAN)
Learn more about the e-waste
‘industry’ in Guiyu: 60 Minutes:
The Electronic Wasteland
Accra, Ghana
Learn more about e-waste in
Ghana: E-Wasteland, a
documentary by David Fedele
Negative Social Impacts—Social Injustice
1.
Outcome of weak ITAD management caused by the
exportation of equipment to developing countries and
the effects of unregulated recycling.
2.
Outcome of rapid obsolescence of working devices due to
new and improved products on the market.
Reproduction
Illness
Chemicals cause higher
rates of miscarriages,
birth abnormalities,
endocrine (hormone)
disruption, and more.
Workers and residents
constantly breath in
cancerous and
respiratory disrupting
pollutants.
Sustenance
Levels of toxins
accumulate as they
move up the food chain
(ex: water < plankton
<< fish <<< humans).
Pictures: ©2006-8 Basel Action Network (BAN)
Negative Environmental Impacts—
Jeopardizing Resiliency of Natural Systems
1.
Outcome of weak ITAD management caused by pollutants
from electronic components infiltrating soil, air, and water.
2.
Outcome of rapid obsolescence of working devices due to
new and improved products on the market.
Water
Leeching of chemicals
such as lead, mercury,
cadmium, hexavalent
chromium, brominated
flame retardants…
Air
Burning equipment
emits pollutants such
as dioxins and furans;
two of the most toxic
chemicals known.
Soil
Plants absorb chemicals
via air, water, and soil,
building up levels of
toxins that are absorbed
into the food chain.
Section 3:
Data Security
Data Security
1.
If breached, could mean the loss of financial and/or
strategic company information.
2.
In 2010, improper disposal was behind 10% of all data
breaches.
In 2009, 40% of hard
drives sold on E-Bay
contained sensitive
personal and/or
business data.
(Kessler International)
Source: KPMG International October 2010
Hard Drives: to Sanitize or Destroy?
 Remarketing IT assets can offset the cost of disposition, but
can also jeopardize data security if not managed properly.
 Costs for data breaches can amount to thousands or even
millions of dollars, depending on fines, bad PR, and sensitivity
of the data breached.
How can you maximize investment recovery for your
retired IT assets without compromising security?
Physical Destruction…
 Destruction decreases residual value; remarketing
value is higher when systems are intact.
 IT assets can lose about 20-30% of their
remarketing value when hard drives are removed.
Destruction is only necessary when the
equipment being retired has no resale value.
Data Sanitization is an Authorized Alternative
 Every major American and European standards organization, including
the National Institute of Standards and Technology, acknowledges that
a single-pass overwrite is suitable for data destruction. (NIST 800-88)*
*Data sanitization procedures must
comply with all industry standards
Data Security Compliance
Certified data destruction vendors conform to certification standards from:
 Payment Card Industry (PCI)
 National Association for Information
Destruction (NAID)
They are also compliant with regulations from a number of other data
sanitization-standards-organizations, such as:
 Department of Defense (DoD)
 Fair and Accurate Credit Transactions Act (FACTA)
 Fair Credit Reporting Act (FCRA)
 Gramm-Leach-Bailey Act (GLBA)
 Health Insurance Portability and Accountability Act (HIPAA)
 Health Information Technology for Economic and Clinical Health
Act (HITECH)
 National Institute of Technology (NIST)
 Sarbanes-Oxley Act
Some Common Data Security Guidelines
From the Organization for Economic Co-operation and Development (OECD)
Guidelines for the Security of Information Systems
 Accountability - The responsibilities and accountability of owners, providers and
users of information systems and other parties...should be explicit.
 Awareness - Owners, providers, users and other parties should readily be able,
consistent with maintaining security, to gain appropriate knowledge of and be
informed about the existence and general extent of measures...for the security of
information systems.
 Proportionality - Security levels, costs, measures, practices and procedures should be
appropriate and proportionate to the value of and degree of reliance on the
information systems and to the severity, probability and extent of potential harm....
 Integration - Measures, practices and procedures for the security of information
systems should be coordinated and integrated with each other and other measures,
practices and procedures of the organization so as to create a coherent system of
security.
 Reassessment - The security of information systems should be reassessed
periodically, as information systems and the requirements for their security vary over
time.
Section 4:
Legislation
and Certifications
Federal Legislation—
Responsible Electronics Recycling Act
 Originally introduced and repealed in
2011, and set to be reintroduced this
year.
 If passed, will prohibit electronic
exports to non OECD/EU Countries.
 Will require EPA to develop procedures
for identifying materials that pose a
threat to human health and/or the
environment.
State Legislation
Without appropriate legislation or enforcement in place, it is up to
individual recyclers to provide an environmentally responsible
choice for recycling.
Responsible Recycling Certifiers—R2
Established as a collaboration between EPA, state
governments, OEMs, NGOs, refurbishers, and recyclers.
R2 Certifies that vendors follow strict guidelines in over 50 operational and
environmental areas. These are categorized into 4 groups:
1.
2.
3.
4.
Data Security
Environmental practices
Proper E-waste Disposal
Remarketing and Reuse
Vendors are audited annually to verify they are adhering to guidelines.
Responsible Recycling Certifiers—E-Stewards
Developed by the Basel Action Network (BAN) with input from experts in
the recycling and asset recovery industries, environmentalists, health and
safety professionals, and the certification and accreditation industries.
 Uses ISO 14001 as a framework
 Exportation of hazardous e-waste from developed to
developing countries is not permitted.
 Safe on-site handling of hazardous e-waste and other
problematic components and materials, such as no
shredding of mercury.
 Full accountability for the entire downstream recycling
chain of toxic materials to final disposition.
Number of Certified Facilities
As of March 31, 2013
357
USA, Costa Rica, United
Kingdom, Germany, India,
Malaysia, Singapore, China,
New Zealand, and Australia
134
USA and United Kingdom
Section 5:
Proficient ITAD
Providers
Proficient ITAD Vendors
Proficient vendors maintain:

Compliance with relevant legislation

Critical knowledge of remarketing value of assets

Detailed Records, including a data security repository

Regular audits to ensure devices are 100% free of data
Best Practices of an End-of-Life Vendor
1.0
Policy
Formal, written policy
Certified in environmental and data destruction processes
Consistent implementation enterprise-wide
2.0
Organization
Centralized program control
Senior management oversight & accountability
Designated individuals with formal roles & responsibilities
3.0
Internal
processes &
controls
Certified technologies for data destruction
Separation of duties
4.0
External
processes &
controls
Certified vendors
Certified technologies for data destruction
Secure chain of custody for media in transit
Environmental recycling with zero landfill policy
Liability indemnification
5.0
Documentation
Online inventory and reporting
Serialized reporting
Certificate of destruction
Sustainability Reporting
6.0
Program
management
Incident management procedures in place
Periodic vendor review and program audit
Resale, redeployment, charitable donation, employee purchase
options available.
Thank You!
Justin Tinkle
Director of Sustainability
DMD Systems Recovery, Inc.
[email protected]
(602) 307-0180