The hardest thing to do with a computer isn’t buying it or setting it up or using it or fixing it.The hardest thing is throwing it away.
To dispose of just one PC without exposing sensitive personal or corporate data, without running afoul of environmental regulations and without wasting what can be reused requires planning and time and, yes, money.
And that’s just one PC. According to the International Association of Electronics Recyclers, about 100 million pieces of computer equipment a year are being added to the massive heap of what’s called “e-waste.” By 2010 that heap will contain 1 billion units of computer equipment.
Out of all that junk, only 40 million CPUs, monitors and printers annually are properly “demanufactured” to safely dispose of the hazardous waste encased inside and to recycle the reusable materials.
Every computer contains more than 30 elements, many of them highly toxic. Deconstructing them is the disposition business. And it’s booming. The business of throwing away computers is growing faster than the market for buying them.
For CIOs, it’s time to create a plan for safely disposing of your computers. Most companies don’t have this kind of plan. Heck, most companies don’t even know where their old computers are. Recyclers talk about discovering thousands of machines that no one knew even existed, piled up in closets. Out of sight, out of mind.
Maybe junking those old Pentium IIs is something you’ve been meaning to get around to. Maybe it’s on your to-do list but way down. You have, what, hundreds of computers to get rid of? Thousands? What to do?
Step 1: Find them. Decide what to do with them.
Your choices: Redeploy, sell, donate, chop up for parts, chop up for recycling
Before you get rid of a computer, you have to find it. Stampp Corbin, CEO of information technology disposition company RetroBox, recalls one company that had 9,000 employees on its books but 23,000 computers, many of which were dead and stacked in hallways, closets, attics and basements. That translates to about 2.5 PCs per employee. “Typically, thousands of machines come out they didn’t even know they had,” Corbin says.
After you find your machines, you need to sort them by their likely fate—redeployment, resale, donation, chopped up for parts or chopped up for recycling.
Situations vary, and as computers surface the CIO and the disposition company should build a reverse logistics plan. Bold CIOs will create a repeatable disposition process, an end-of-life asset management plan as comprehensive as their asset deployment plan.
Step 2: Get rid of the data.
Your choices: Do it yourself or get someone to do it for you; save or destroy the hard drive
Hard drives must be wiped. This is not optional. The risk of not wiping drives—the potential liability if sensitive information gets out—easily justifies the cost of doing it. Two years ago, the state of Kentucky got rid of computers that still contained confidential files naming people who had AIDS and other STDs. In May, the state of Montana disposed of hard drives that still had Social Security numbers and medical records on them. Then there are the risks of losing computers in transit or even of competitors trying to get their hands on them.
Data wipes come in several flavors, each with pros and cons.
First, decide if you’ll sanitize the drives at your site or if you’ll ship them off to the cleaning company’s site. Bringing the cleaners to your site is more secure—and pricier. If you send the computers out, put a BIOS password on their systems to prevent access to their drives.
Next, decide if you want to do a basic wipe, a government wipe or more. A basic wipe will write a 0 on every drive sector in one pass. A basic wipe is fastest and cheapest, but it leaves traces. Motivated hackers, could possibly retrieve the data under the 0s.
The Department of Defense standard 5220.22-M dictates a stronger scrub. The so-called government wipe makes three overwrites on the disk. The first wipe puts 0s on sectors, the second, 1s, and the third, a random character. The more times the process is repeated, the less likely anyone could get anything off the drive.
More scrubbing means more time (and money). A single overwrite on a 40GB hard drive can take 20 minutes. A government wipe can take up to three hours.
A more secure option exists: degaussing, in which a giant magnet delivers negative and positive jolts to the hard drive, destroying it. But since the hard drive accounts for about two-thirds of the recovery value of an old PC’s parts, degaussing carries a steep cost.
Step 3: Finally, send them to their reward.
The disposal guys call it “shred, grind, separate, refine, smelt, melt and pelletize”
After their disks have been wiped, computers head off in various directions. Some get a light dusting and a technical refresh and are shot off to the secondary market for resale. Others are pegged for donation. Companies with a truly thorough asset management plan might even redeploy some, turning old desktops into, say, Linux servers. Older, less useful computers can be cannibalized for parts.
After all that, what’s left are the dregs.
The dregs include three types of materials: recyclable commodities, recyclable precious metals and poison. (See “The Weight of Waste,” Page 70.)
Proper disposition gets labor- and cost-intensive here. Computers take time and a lot of labor to disassemble. According to one published report, a disposition company once told the Government Accountability Office that to remove the lithium battery from a single Hewlett-Packard computer required the removal of 30 screws.
Once a computer has been disassembled, the parts that have no reuse value head off to a violent death. They will be run through any number of large, expensive machines in a process the International Association of Electronics Recyclers describes as “shred, grind, separate, refine, smelt, melt and pelletize.” Different materials are ground into different sizes, from the size of a quarter to the size of a pinhead.
Metals and plastics are sold to dealers by the pound. Toxic waste is shipped off to an environmental disposal company. Precious metals are dealt with as well. Some disposition companies perform these processes themselves. Others offload the heavily regulated toxic waste disposal and partner with companies that specialize in those specific environmental processes. (For more on the disposition business, see “Worth Its Weight in Waste,” www.cio.com/100105.) CIOs should make sure that the disposition and environmental disposal companies they deal with carry “errors and omission” insurance as well as pollution insurance.
–Senior Editor Scott Berinato can be reached firstname.lastname@example.org