Data Security Ramifications of E-Waste

Thursday, April 28, 2011

Allan Pratt, MBA


With Earth Day behind us, it’s important to remember that recycling and doing our part to help the environment is something we need to do daily – not just one day a year because NBC-TV’s logo becomes green.

This is especially important in the tech industry because so many of us techies yearn for the latest gadgets the moment they’re announced at CES or by company presidents.

And of course, we can’t forget that for some new products, people line up days in advance at Best Buy or the Apple store. But when we buy new products, what do we do with the old stuff and how do we deal with the issue of data security?

The term “E-Waste” applies to electronic equipment that cannot be thrown away by conventional means: TV’s, computers, laptops, monitors, printers, cell phones, VCR’s, copier machines, fax machines, scanners, DVD players, cameras, keyboards, mice, speakers, computer backup batteries, computer wire/cables, ink cartridges (empty or full), motherboards, servers, stereos, radios, and electronic games.

TV’s and computer monitors cannot be thrown into landfills due to their lead content. Other electronic equipment may contain hazardous materials including mercury, arsenic, and cadmium.

In 2006, California passed a law that prohibited any E-Waste from being disposed in the trash/landfill or incinerated. However, one solution is to take your old electronics to an E-Waste collection site – Goodwill is a well-known drop-off location, and many charities also host E-Waste drop-offs as fundraisers.

Here’s a good video from Best Buy that shows how electronics get broken down into plastics, aluminum, steel, circuit boards, and old lithium batteries: For those who like Infographics and flowcharts, here’s a good one from Best Buy that shows the path of E-Waste:

But what are the data security implications if you have all of your important and confidential data on your computer hard drive or laptop? What if you are a policeman, school teacher, or lawyer – and the contact list on your cell phone includes names and addresses that you are legally bound not to share?

What if you are a doctor or medical professional and your fax machine or printer stores confidential patient records or other data you sent, received, or copied? Also, non-compliance for audits for HIPAA (Health Insurance Portability & Accountability Act), SOX (Sarbanes-Oxley), PCI DSS (Payment Card Industry Data Security Standard), FISMA (Federal Information Security Management Act), and GLBA (Gramm-Leach-Bliley Act) could cost you big bucks, depending on your industry regulations.

Here are some easy solutions. For computer hard-drives, remove the hard-drives and use a hammer and screwdriver to take them apart and break the disks inside the case – that’s the only way to completely destroy the data. For cell phones, break the inside chips, and for other equipment, check manufacturers’ websites to find out recommended ways to purge the memory.

In the words of Bill Gates, “Security is, I would say, our top priority because for all the exciting things you will be able to do with computers – organizing your lives, staying in touch with people, being creative - if we don't solve these security problems, then people will hold back.”


  • More than 6,000 computers become obsolete in California everyday. (RecycleWorks San Mateo, CA)
  • 75% of all computers sold in the USA remain stockpiled, awaiting disposal. (RecycleWorks San Mateo, CA)
  • As of June 2010, Americans trashed 140 million cell phones, and 126 million went into landfills. Only 14 million were recycled – that number will rise because 40% of cell phone users replace their mobile devices each year. (Green Marketing TV, Maryruth Belsey Priebe)
Possibly Related Articles:
Security Awareness
Compliance data destruction Storage Confidentiality Information Security eWaste
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.