Sustainable Cybersecurity

As an institution with academic, research, and healthcare departments, we understand the importance of keeping data secure. Fortunately, sustainability and security efforts have many overlaps. For example, data centers both decrease the environmental impact of computing and provide additional security for the information on their servers. Furthermore, even simple sustainable practices such as increased power management settings can prevent sensitive information from being left on computers without supervision.

However, for electronic disposal, environmental efforts and cybersecurity measures often diverge. At the end of your electronics' useful lives, it is best to repurpose and donate the device to another organization or person who could still benefit from the machine. If that is not possible, it is still best to donate the whole device to be deconstructed and recycled in the most efficient manner possible. However, disposing of intact machines may pose a security risk when devices have sensitive information on them. Therefore, disposing of e-waste may require extra security measures to prevent any sensitive data from leaving an institution. It is important to be vigilant and understand the proper procedures before disposing of electronics, so that you can minimize your environmental impact without increasing your security risks.

Whenever intact IT equipment leaves your organization, it is important that it is cleared of all sensitive data - passwords, health information, client contacts, etc. On modern devices, it can be hard to tell if the data is truly removed, even after a factory reset. There are two ways that UVA is exploring to maximize the odds that your data can no longer be accessed from your old device.

In the past, we have outsourced our electronics to an external service provider that specializes in properly handling e-waste. There are many companies out there that specialize in electronic waste handling. If you choose this route, which is less time intensive than setting up a sale, then make sure that you choose a certified e-waste recycler, so that you are minimizing the negative effects on the environment - including poisonous water contamination and wasted precious metals.

There are currently two certifications approved by the EPA: the e-Stewards and R2 certifications. Recyclers with these certifications are monitored to ensure that they are salvaging as much as possible from the old devices - including precious metals, plastics, and metals - and properly disposing of all toxic chemicals, preventing the contamination of water sources.

Furthermore, your e-waste recycler should provide you with written proof that they are destroying all of your data.  If they are not able to do so, then you either need to hire another service to clear your data, or choose a different e-waste recycler.  

If you do choose to resell your devices, you must ensure that the devices are completely free of your data. If you do not have any sensitive or personal data on your device, you are most likely safe to restore your device and manually clear the data. However, if you do have sensitive or personal data on your device, simply clearing the hard drive might not remove all of the information, giving an expert the opportunity to hack into it and find the data. Therefore, if you want to be on the safer side, it is best to encrypt your device before you put any information on it, so you can ensure that clearing your device and destroying the keys will actually remove your data. On many modern devices, if you set a password on your device, it automatically encrypts all of your information. Whenever you get a new device, make sure to look into its data storage policies and specific ways to encrypt it. If you are unsure and want to take a conservative approach, destroy only the memory storage hardware, and recycle the rest of the device.