TASB Risk Management Fund

Are You Retiring Your Electronic Devices Safely and Compliantly?

October 07, 2019 Nicole Callahan and Lucas Anderson

Your organization’s laptops and mobile devices house personally identifiable information (PII) such as birthdates, addresses, social security numbers, medical records, and bank account numbers. If you sell, donate, or dispose of electronic devices without properly wiping them clean, all that PII goes with them.

Ultimately, the organization could be held liable for releasing sensitive information. You also have to consider the reputational damage that often comes with violating public trust. The good news is that you can protect your organization and its stakeholders by managing your electronic waste in an environmentally safe and legally compliant manner. 

What is e-waste?

Electronic waste, commonly referred to as e-waste, is any electronic device that has been discarded by its former user. Many organizations sell their used electronics or send them to a recycling site. The recycler recovers usable parts and whole computers for resale or reuse.

Leftover material is sent to another recycler for further disassembly. Used electronics become e-waste when the recycler decides the material cannot be further reused, disassembled, or recycled. 

E-waste by the numbers

According to the University of Columbia’s Earth Institute blog, 49 million tons of e-waste were discarded across the globe in 2016. That number is on track to grow to 60 million tons by 2021.

The amount of e-waste produced worldwide is growing at a rate of 1.8 million metric tons per year, and there is no sign it will slow down:

  • Each person in the US produces about 50 pounds of e-waste per year.
  • Only 12.5 percent of e-waste is recycled, and 87.5 percent goes to a landfill or incinerator, according to Environmental Protection Agency estimates.
  • Older computer monitors such as cathode ray tube monitors contain an average of nearly eight pounds of lead, which is highly toxic to people and the environment.
  • The average circuit board is 26 percent heavy metal, which contains carcinogens.

Choosing a vendor

A qualified e-waste vendor provides peace of mind that comes with knowing your equipment is being disposed of compliantly and in an environmentally sound manner.

When evaluating vendors, ask whether they follow these best practices:

  • Maintain proper insurance coverages, such as pollution liability
  • Dispose of equipment according to environmental, federal, state, and local laws, regulations, and requirements if it cannot be recovered, refurbished, repaired, or recycled
  • Destroy and recycle data-containing components rather than reselling them
  • Remove and destroy all asset tags, service tags, and other identifying information from equipment before it is reused, refurbished, or recycled
  • Wipe hard drives according to US Department of Defense standards, including DoD 5520.22-M
  • Maintain appropriate, accurate, written records of material management, and allow your organization to audit the records to ensure all e-waste was properly processed
  • Provide printed or carbon copies of every signed manifest and shipment form to your organization
  • Deliver a Certificate of Destruction, which certifies that equipment and components were destroyed according to applicable laws, as well as detailed transaction reports after completely processing electronics

Transferring equipment to students

Sometimes, districts choose to transfer equipment to students rather than disposing of or recycling it. Under TASB Policy CQ (Legal), districts must do the following before transferring data processing equipment to students:

  • Adopt rules governing transfers, including provisions for technical assistance to the student by the district
  • Determine that the transfer serves a public purpose and benefits the district
  • Remove from the equipment any offensive, confidential, or proprietary information, as determined by the district

Expert help from the Fund

The Fund provides cybersecurity and data privacy coverage, guidance, and resources to members of the Property and Liability programs. To report a Privacy and Information Security claim, call the Fund at 855.295.8344. For more information about cybersecurity or to request guidance on this topic, contact TASB Privacy and Cyber Risk Consultant Lucas Anderson at lucas.anderson@tasb.org or 512.505.2893.

Tagged: "cyber security", cybersecurity