by Dag Adamson
Approximately 1 billion units of computer equipment will become potential scrap by 2010 according to the International Association of Electronics Recyclers. Is now the time for your company to decide how to deal with outdated computer equipment that is currently stockpiled in empty offices and closets? Outsourcing this responsibility to an expert can simplify the process and ensure safe disposal of the equipment. However, an ill-conceived asset retirement program may expose your company to potential data security risk and environmental liability.
With careful planning and the right partner, you can save time and resources, while mitigating privacy risks and environmental liabilities specific to your industry. When selecting an asset retirement partner, it is important to work through the following five steps:
1) Evaluate Your Existing Asset Retirement Process and Goals
Decide what issues are the most critical to your company, including what has and has not worked in the past. Which objectives are most important to your organization?
  • Environmental compliance
  • Data security
  • Reliability and logistics
  • Auditing and reporting
  • Compliance with internal policies
  • Cost

Think through the ramifications for your corporate strategy beyond the immediate project needs. The vendors that you consider should carefully assess your needs in order to co-develop strategies

that fit your corporate structure and objectives. If you don’t have accurate and up-to-date records of your technology assets, your first step will be to conduct an on-site inventory. Next, you’ll need to consider the various disposition options and the costs associated with each.

Enterprises can no longer count on selling off their used assets at a profit because most technology rapidly decreases in value. Be aware that reselling is not a simple process. If you do decide to resell,
you’ll need to be able to track the equipment and obtain proof that hard drives have been completely erased. The cost of logistics may also outweigh a meaningful investment recovery. Recycling may

therefore be your best alternative. Other forms of disposition worth considering include: internal redeployment, sales to employees, and charitable donations.
In evaluating which options are best for your company, you should weigh the labor required and the risk factors associated with each approach. Cost estimates for outsourced asset retirement programs can vary widely—be sure to include retirement costs and downstream iability into your overall cost calculation. In addition, you should assess the cost of your own internal labor and expenses associated with managing the logistics of equipment removal and disposal.
2) Conduct Due Diligence On Potential Vendors
Electronics recycling is a rapidly changing and growing global industry. Beware of vendors who promise to take your equipment for little or no cost. If they claim to offer “free” asset retirement, how likely are they to comply with complex environmental protection and data privacy regulations? If your equipment is improperly disposed of, it may come back to haunt you in the form of fines, clean-up costs, and negative publicity.

Other factors to consider in assessing potential vendors include:

  • De-manufacturing process and capabilities
  • Environmental compliance record
  • Data security safeguards
  • Operational processes — are they well documented?
  • Is there a robust audit trail?
  • Shipping capabilities and processing locations—can they accommodate the location(s) of your equipment?
  • Insurance coverage—do they maintain Pollution Liability insurance?
Be sure to check references and examine the vendor’s experience with other firms in your industry. Do they have a history of long-term relationships, or just a series of one-time projects? Consider a site visit to inspect their processing facilities and see first hand how they deal with materials. Finally, find out what level of support your organization will be expected to provide.
3) Consider Methods and Risks of Data Destruction
Proper data destruction is critical in order to avoid industrial espionage, lawsuits, and/or government penalties resulting from improper disclosure of confidential information in violation FACTA (the Fair

and Accurate Credits Transactions Act) and other laws. All asset retirement vendors should possess a baseline capability of data destruction that meets Department of Defense 5220-M standards. In addition, health care and financial services enterprises must comply with various federal laws that impose significant additional data security safeguards. These regulations include HIPAA (the “Health

Insurance Portability and Accountability Act”) and GLB (the “Gramm-Leach Bliley Act”).
Questions to consider:

  • What is the vendor’s data destruction process?
  • What are the various options available (e.g. software vs. physical destruction)?
  • What kind of quality control mechanisms does the vendor maintain in order to ensure that the data is actually destroyed? Do they undertake a sampling process and/or disk inspections via computer forensics?
  • What kind of on-site security systems are in place at their facilities in order to ensure protection of your equipment?
  • Does the vendor maintain an errors and omissions insurance policy in the event that some of your data is accidentally disclosed?

4) Evaluate Environmental Stewardship and OSHA Compliance
Is the vendor committed to complying with your company’s environmental policies as well as industry, state and local regulations? Environmental regulations vary widely from state to state. Does the

vendor maintain a library of up-to-date summaries of these regulations that are available for your review? Do they employ a full-time Environmental Director and dedicated operations team who will closely monitor your asset retirement program? Are they registered with the EPA and are they able to provide you with a registration number? Are they approved as collectors or processors by the state in order to participate in government-supported programs?

Lastly, confirm that the vendor has the appropriate facility permits such as storm, water and air quality approvals. Also, find out what testing they perform on their employees for exposure to lead and other

hazardous materials.

5) Assess Reporting and Tracking Capabilities
There is more to reporting and tracking than issuing certificates of destruction. Anyone with a laser print can create a “recycling certificate.” Certificates provide no protection if the vendor is disposing

of your company’s assets improperly. Vendors should be prepared to provide you with detailed tracking reports, Bills of Lading, and inventory documentation in order to prove that the assets were properly transferred and disposed of.

The Comprehensive Environmental Response, Compensation, and Liability Act (“CERCLA” – commonly known as the “Superfund law”) gives the EPA the power to impose fines and to hold your organization responsible for remediation costs – regardless of whether title to the assets in question was transferred to a third party. Make sure that you thoroughly investigate a potential asset retirement vendor’s compliance with all federal, state, and local environmental laws in order to minimize potential liability.


What kind of documentation does the vendor maintain concerning its internal Environmental Management Program or “EMP”? Does the vendor have a well-documented operational process and

maintain strict internal controls in order to ensure that all materials are handled and disposed of properly?

In the final analysis, you need to select an asset retirement partner that you can trust to manage the full range of “end of life” issues. The right resource can provide you with peace of mind in terms

of: mitigating risk, ensuring regulatory compliance and enabling your organization to focus on its core competencies.
Reprinted from ASSET 2.0, the Investment Recovery Business Journal, Vol. 3, 2006

© The Investment Recovery Association