Data Destruction and the Environment

With today’s intense focus on protecting and preserving the environment, the data destruction industry will play an important role. As the need to create, store and transfer larger amounts of data grows, the capability to practice destruction techniques that are effective and environmentally friendly will set industry leaders apart. Since mandated particle destruction sizes for sensitive, personal and classified information continue to decrease due to the increasing sophistication of cyber-criminals, these incredibly minute materials become extremely difficult to recycle. This blog discusses various challenges the data destruction industry faces across all destroyed media types.

Paper

Although paper is considered recyclable material, there are restrictions the data destruction industry must keep in mind. For starters, recycling paper must first be severely compacted in volume, since it is spread on a screen to dry. Given that tiny bits of loose paper typically get stuck in, or fall through, the screen and ruin the process, shredded paper is often rejected by recyclers. Several US municipalities do have designated drop-off points for shredded paper, but the rules vary by jurisdiction. Some larger shredding companies have existing deals with recycling centers to address this growing issue, while other recyclers charge supplemental fees for picking up shredded paper.

Fortunately, companies like SEM produce equipment that automatically compresses shredded paper into briquettes, which are generally accepted at recycling centers. With paper compacted into readily recyclable briquettes, companies can save money by not having to pay recycling fees.

Optical Media

Optical media (e.g. CDs, DVDs, Blu-ray Discs) represent one of the greatest recycling challenges in today’s data destruction industry. Since optical discs are made of plastic resins and do not usually contain specific resin identification codes, they are commonly rejected by traditional recycling companies. Although the internet is riddled with ‘DIY solutions’ for repurposing used optical discs, these options are unacceptable for companies that handle highly sensitive data, since those companies must comply with extremely rigid data destruction regulations (e.g. particle size restrictions). For example, the National Security Agency (NSA) mandates that classified data on optical media must be destroyed to a particle size of no greater than 5mm2 for CDs and 2mm2 for Blu-ray discs and DVDs. This reduces the discs to dust, rendering them impervious to data harvesting.

Hard Disk Drives (HDDs)

HDDs are electro-mechanical data storage devices created with various metal and plastic alloys, most of which are recyclable and reusable. Completely shredding storage media onsite and then recycling HDDs is the best option for ensuring data is rendered useless while practicing environmental sustainability. Many services offer to destroy HDDs and send certificates of destruction; however, these certificates are not legally binding and do not release the original owner from liability in the event of data theft or data compromise. This is relevant to all companies housing sensitive data, since the internet is rife with stories about old HDDs scheduled for data destruction and recycling that are found with the data still intact. The most secure way to ensure that HDDs are ‘recycle-ready’ is to destroy them in-house. Destroyed materials can be sent to certified recyclers avoiding nonbiodegradable e-waste that finds its way into landfills. For perspective, approximately 44.7 million metric tons of e-waste was relegated to landfills worldwide in 2016 alone.

Flash Media (USB Drives, Solid State Drives [SSDs])

Flash media takes many forms, the most common being SSDs, USB flash drives and cellular devices with SIM cards. To ensure data eradication, flash devices must be completely destroyed prior to recycling. Publications like Wired imply that you can wipe the data clean yourself and then sell or give the device away for reuse. A word of caution for companies handling sensitive, classified, or personal data: there are countless instances of old flash drives and cell phones being purchased with their data still readily accessible. According to the Department of Homeland Security Cyber Infrastructure division, physical destruction is the “ultimate way to prevent others from retrieving your information.”

Fortunately for the green-minded organization, many materials used in the construction of flash media are recyclable after shredding. Some technology manufacturers offer recycling options for SSDs. In addition, organizations like Sipi Corporation specialize in refining and recycling valuable assets. Sipi uses recyclable materials from drives and phones to create new usable compounds, like collecting the minimal amounts of gold and silver present in most cell phones.

At a time when organizations are trying to be more environmentally conscious, it’s important to discard end-of-life material responsibly. The first step is ensuring complete destruction of sensitive data in-house to mitigate the risks associated with data theft and harvesting. The second step is identifying internal or external parties capable of recycling used physical materials so they don’t end up in landfills.

What’s Hot on Infosecurity Magazine?