Investigating Profit Opportunities from IT Disposal
By: Jonathon Kirby and Jenny Schuchert, IAITAM Inc.
The disposal of electronics including IT equipment has become a big business. The number of IT asset disposition (ITAD) vendors has expanded to the point that in a 2011 IDC report “Inside the US Electronic Recycling Industry,” 59% of those surveyed had been in the e-scrap business for ten or less years. There is a lot of money to be made during the disposal of older and outdated devices. It is time for the organization to re-examine disposal choices, especially to see if there are options that can be leveraged to return value to the organization as a revenue stream or as at least as a means of paying for that compliant disposal.
Delving into the choices requires understanding the Fair Market Value (FMV) for electronic devices. Fair Market Value (FMV) is the average price for a piece of equipment on the public market. IT equipment that is obsolete for the organization may still have value in the market, purchased by individual consumers, smaller businesses and perhaps even a mid to large size organization. Value preservation fluctuates, with age, use, condition and popularity as some of the important criteria that drive FMV. The emergence of the mobile market for organizations has led to a market for recertified or refurbished devices as well as created a continual stream of mobile devices to be disposed.
The results of these factors are that IT asset disposal is more than finding a way to turn electronics into waste. Setting security concerns aside, here are some of the pathways that the organization might leverage:
- Resale/Internal Selling: Consider the employee working with equipment that they do not own. During a technological refresh or other end-of-life event, that “old” equipment is being disposed of and replaced. That employee may be interested in acquiring that older equipment for their own use, adding to their own bevy of devices. Personal budgets are being stretched with the number of devices and the plans to go with those devices. The resale of older devices with high computing capability (such as laptops) or those that are still novelties are an easy target for money generation for the organization
- Equipment Auctions: This approach is a riskier option, but has the potential for major revenue gains for an organization. This method is essentially an online auction where the old devices are put up for sale and people compete to purchase. The risk is that the FMV is not reached during the auction reducing the organization’s ROI on the device. However, with the risk comes reward potential as items can sell well above their FMV. Careful planning and research can maximize the leverage this option holds for an organization
- Charitable Contributions: These contributions are more soft-dollar savings than a hard-dollar revenue generation, through a tax write-off, community good will and positive PR.
- Component to Element Cannibalization: Taking a device and breaking it into its individual parts and then selling it can be beneficial in multiple ways. For components, high-value metals can be trapped in low-value parts (think very old motherboards) that give a higher return at a scrap yard then the device would get at auction. Also, some parts within IT equipment can be pulled and reused, saving future acquisition costs as well as disposal costs. The recycling of specific elements may cost money or deliver value, depending on the market for that element. Once again, Fair Market Value is important, but in this case, for the scrap elements and compounds and not the device itself.
- Vendor Trade-In: Some vendors provide credit toward future acquisitions or to offset the costs of the disposal of other devices. This approach can be hassle-free, but generates less revenue for the organization since the vendor is taking some compensation for their efforts. This strategy can be equated to trading in a car to a dealer for a new one versus selling the old car yourself.
- Selling to a Disposal Vendor: ITAD vendors often buy equipment from organizations to resell, refurbish and resell, or strip the device for materials with FMV. This approach leaves the work of figuring out the best choice to the vendor. For the organization, this approach provides steady and predictable revenue or credit for an organization, but at a lower rate that if handled directly by the organization
Any of the above strategies have the potential to defray the costs of disposing of other devices and perhaps earn profit for the organization. However, two criteria must be analyzed: The administrative costs of the program and the security risks associated with the choice. Some of the choices above involve specific knowledge and staffing to execute those steps. It is obvious from the growth of the ITAD vendor industry that organizations are choosing vendors to handle the processes and incur the administrative costs from special staffing, equipment and knowledge. ITAD vendors offer a portfolio of services as far back in the process as determining the FMV and choosing the disposition path for the device.
Ultimately, the success and profitability of any of these strategies depends on the security measures involved and the amount of risk that the organization is willing to take. IT asset management disposal processes include hardware as well as the software and data on the device. Without careful data security processes, the risk for unlawful data exposure or software propagated illegally escalates and a single violation can destroy the calculated financial position of the disposal program. Additionally, soft dollar costs from public relations issues and damaged reputation add into the impact of a problem. Choosing a disposition strategy or selecting a vendor requires understanding the risks and assessing the proposed processes.
Data Destruction Methodologies
There are several options to dispose of the information on hard drives and other data storing devices. Some are more effective than others, but also have an increased cost not justified by the risk. While there are special issues for certain types of devices (like mobile devices, solid state devices) some of the most common processes include:
- Overwriting: There are dozens of various data overwrite techniques, products, and options available to organizations. Governments often define categorize data destruction methodologies and US DoD specification for a triple-wipe is one such definition. The software replaces all the information on the hard drive with 1s and 0s three times to ensure that information cannot be retrieved. Cost-effective, efficient, and accomplished without damaging the device, this is a popular option
- Degaussing: Degaussing is the process of hitting a hard drive with electrostatic and magnetic pulses. This methodology scrambles the data on the drive but also destroys the operation of the drive. Risk mitigation is high for this technique
- Physical Destruction: There are a number of choices for physical destruction, from the simplistic smashing or hole punching to machine shredding and acid. Destruction techniques vary greatly when calculating the risk that remains. Shredding varies in the size of the pieces as does grinding, with escalating time and cost with smaller pieces. Acid washing a hard drive (exposing it to caustic/corrosive chemicals) and phase transference (the liquefying or vaporization of a disk drive) are other options. Physical destruction usually requires special equipment and has higher costs, but in general has little remaining data loss risk compared to other techniques. , The only exception is the most simplistic of destruction techniques such as the “sledge hammer” technique
Balancing Cost Assessments and Risk Assessments
With several avenues for funding disposal and multiple selections for data security, the next step is to identify how to best maximize the results for the organization. Risk assessment is an integral part of the disposal program, right along with the costs (or profits) from the program.
Cost assessments determine whether the ROI for devices is maximized while the risk assessment examines the data security incumbent at that level of ROI maximization. Factors to include for risk assessment include analyzing who owned the asset, and how sensitive the data is for the organization.
Who originally owned the asset can be a factor on whether more profitable disposal options can be considered. While any device has data and software risks, the ownership and use of the device can escalate the risk for disposal depending. That risk is likely dependent on the employee’s role within the organization and the sensitivity of the data they have access to.
The risk assessment next examines the data itself for sensitivity and impact. The more extensive data security requirements are; the more likely costs are incurred. Since the idea is to maximize ROI for the organization, it is an important step in the risk assessment process to identify just how important and sensitive the data is on an asset.
In addition to data breach and software loss minimization, the risk assessment also needs to examine the possibility of disposal violations. With the attention of governments focused on the toxic wastes in electronic devices, the consequences for improper disposal are likely to rise. Clean up costs and fines can take an ROI-generating disposal process and destroy it. There is money to be made in the disposal process but only if the proper steps and safeguards are in place.
Jonathon Kirby is a Content & Development Specialist at IAITAM and Jenny Schuchert is the Content Director.