SERI Seeks Clear Standards
As technology advances, so do the methods used to protect sensitive information. Sustainable Electronics Recycling International (SERI) understands the importance of ensuring that all remnants of data are removed when recycling electronics. SERI is working alongside R2v3 to ensure that all procedures meet SERI’s high standards for privacy and safety.
Enterprise organizations must sanitize IT assets thoroughly to avoid data breaches resulting in costly fines. This can be accomplished by using a certified IT asset disposition service. These providers prioritize security and sustainability and are essential for ensuring that data is properly handled. Personal information can be stored on countless devices, from smartphones and fitness trackers to garage doors and refrigerators. All data needs to be removed, regardless of the device, before getting rid of any electronic hardware. SERI states that a tendency has begun where “commercial software designed to sanitize data cannot always access new devices for data sanitization because of their unique proprietary design.”
SERI also acknowledged that “the intent is not to destroy working devices if a credible method can be used to reliably sanitize the data to the manufacturer’s specifications with transparency and accountability. Therefore, it is important to accept alternative data sanitization solutions which are proven to effectively remove data from the devices that will be resold,” the organization determined.
While most devices come with a “factory reset” option, this is not always enough to completely erase all data from the device. This can pose a problem for companies who are required to follow the R2v3 standard for data sanitization. In order to address this issue, SERI has put together a working group of experts to find a solution. They have also submitted a formal interpretation request to the R2 Technical Advisory Committee (TAC). Different types of devices may be affected by the analysis, including smart speakers, TVs, watches, fitness trackers, TV sticks, desk phones, thermostats, security devices, and gaming consoles with built-in memory.
Formal Results Released
On Nov. 29, R2 Standard Consensus Body approved TAC’s R2v3 Formal Interpretation #1.0 in response to whether term “software” applies solely to applications automating logical sanitization process and creating a record of deletion. After careful consideration, it was decided that “software” refers to any applications used to automate, control and record data elimination results. It was noted that on some devices, factory resets provided by manufacturers may be the only available option.
A product that is “directing, controlling and recording the manual workflow to sanitize the data” can be referred to as a “semi-automated application.” This term refers to a process that assists with data sanitization but does not automate it completely. The purpose of a semi-automated system is to provide a reliable record of data sanitization. This documentation is “more than a spreadsheet which can be subject to alteration or falsification,” as noted by SERI.
“Historically we have seen spreadsheets of media that have been sanitized. Spreadsheets lend themselves to errors in transcribing information and copying and pasting records, which leads to a lack of accuracy and accountability for each media/device sanitized,” SERI commented.
However, this interpretation does not apply to situations where the device is damaged, and software cannot be used to wipe it. In such cases, a factory reset will not be accepted.
ITAD For Circular Economy
As businesses increasingly rely on digital information, it is crucial that data is properly removed from retired assets. A certified IT asset management and disposition facility can ensure that an organization’s devices are handled in a way that focuses on security and contributes to the circular economy. These services are invaluable in protecting a business’s information and reputation. IT asset disposition services directly adhere to R2v3 standards and are a vital component of any conscious organizations plan for lifecycle management.