Secured e-recycling is no simple task. Aside from recovering reusable materials, recycling electric components, and repairing reusable devices, an e-recycler must make sure that any data contained in an e-waste device is securely destroyed. The mishandling of data in e-waste can easily become a security threat to the previous owners of the devices, whether they are regular individuals or government entities. On the other hand, industries that handle secure information such as credit corporations, pharmaceuticals, law firms, and banks are primary targets of sensitive data miners.
Storage media devices, like hard drives, can be accessed and reopened. Once accessed, malicious parties can harvest sensitive information, such as account information, private financial data, credit card numbers, or any records of online transaction.
Computers are often sent to be recycled even if only one component has been damaged. In most cases, hard drives are intact and functioning from thrown computers. Data harvested from these hard drives are used in identity thefts, scams, and fraud. One of the most notable incidents of security threat that arose from harvesting data from hard disks happened in Agbogbloshie, Ghana. Recyclers found United States government multimillion dollar contracts from Homeland Security, Transportation Security Administration (TSA), and Defense Intelligence Agency (DIA).
With the recent issues with secured e-cycling, the Asset Disposal and Information Security Alliance (ADISA) started recommending a standard on how to safely dispose electronic and information technology products. This standard is the IT Asset Disposal Security Standard.
ADISA has been founded on 2010. Its standard differs from region to region. The recommendation contains detailed policies from start to end of the e-recycling of IT waste and assets. Recycling centers can get certification from ADISA. This certification comes with regular auditing.
The IT Asset Disposal Security Standard recommends this process:
1. Computers to be recycled are transported in secured and locked vehicles.
2. Recyclers receive computers to be recycled.
3. Hard drives are extracted from the computers.
4. Hard drives are then shredded.
5. Aluminum, the most abundant material in hard drives, is extracted from the waste using an electromagnet.
6. All other materials are grouped together with other waste for further material recovery and recycling.
7. The extracted aluminum is sent to a recycling plant that specializes on aluminum.
8. The aluminum is converted to ingots.
In some cases, wherein the storage media device is still intact and completely reusable, recyclers are tasked to perform data wiping (can also refer to data erasure or clearing) on the storage media. This is a software based method to securely dispose of data. Recyclers often prefer to use this method to generate higher returns since physical destruction gives small amounts of recoverable materials, which sells significantly less than selling a refurbished product, and requires higher amounts of energy to be used.
Data wiping can be done in multiple methods. Note that data wiping is permanent unlike issuing a casual delete command inside an operating system. The usual delete command only removes pointers. Data wipes used in secured e-recycling facilities overwrite existing data with zeroes or with random or patterned combination of bits.