At the IAITAM Annual Conference and Exhibition in Las Vegas last October there was a significant depth of interest in ITAD; an ITAD Vendor was a platinum sponsor of the conference, a whole track with many interesting sessions was devoted to ITAD, and in the exhibition hall at least a third of the exhibitors were from or related to the ITAD industry.
This made me think about how ITAD is viewed in North America as a whole, and I had many conversations about how that view has changed over the recent years. It was also interesting to make comparison to my own experiences of the UK ITAD industry.
After talking to some of the other international delegates, and listening to their comments about the stark differences in attitudes to ITAD in their home countries versus North America it really did show that North America is rather advanced in both its processes and attitudes towards disposing of IT assets. Speaking with one of the vendors at the conference they highlighted a significant swing in attitude around the purpose of the ITAD industry in the past few years. The table below represents how that view has shifted.
Requirement |
2011 |
2006 |
Data Security |
1 |
4 |
Auditable Process |
2 |
3 |
Verification and Reconciliation |
3 |
2 |
Customer Engagement |
4 |
5 |
Maximising Value |
5 |
1 |
Looking back a few years to 2006, the industry view as to the primary reason why customers engaged with an ITAD vendor was about maximising the returnable value of the assets that had been identified as for disposal. Customers were interested in verifying what had been received, but this was more to ensure that no potential value was left untapped. Data security and other requirements were a consideration but far less significant. However the overall engagement of the customer was one which really left the disposal vendor to their own devices, they wanted quick collections and then quick return of value. Rarely did they visit facilities to see the processes that were undertaken on their assets; rather they relied on the quality of the relationship to verify process.
In 2012 the ITAD vendor in North America is aware that data security is paramount for the customer. Much larger proportions of assets are data wiped at the customer site. If this is not possible then the customer expects a rudimentary form of drive destruction and a secure transport back to the disposal facility where full destruction takes place. Customers will visit ITAD vendors to witness the processes employed and ensure adherence to standards.
They want to see an auditable process, they want to know that their data has been secured and they need to fully verify that the asset chain of custody has not been broken. This is because the legal requirements for the management of data security can be punitive in the event of a breach. Maximising the value returned from the disposed assets is much less important than it was five years ago. Indeed many organisations stipulate that the return of value is insignificant by comparison to the cost of a data or environmental breach and therefore require all assets to be pulverised, whether they were saleable or not.
So how does that compare to the other parts of the world? Certainly from a UK perspective there is definitely a focus on maximising returnable value. Process is important, but as there is not the same level of punitive costs in the event of data breach, it plays a secondary role to reclaimed value; for example, there aren’t that many ITAD vendors who offer data wipe on site.
Because of the lack of punitive regulation, those companies with assets to dispose do not have the same level of concern as in North America about the onward life of their assets. The attitude is similar to that of a few years ago in North America. Having had a number of conversations with UK disposal vendors over the past few months, there is a consideration that data security is obviously important, but just not to the same extent that it is in North America. Maybe the legislation here needs to change in order for disposing companies to require ITAD vendors to provide rigorous chain of custody, process auditability and data security as standard.