With the global PC installed base expected to reach 1.5 billion by 2012 and smart phone use now ubiquitous in most of the developed world, many companies are confronting a vexing side effect: The problem of IT asset disposal (ITAD) has gone global in scale.
For many IT managers, ITAD is an expensive headache, a line-item expense whose sole value is avoiding legal exposure. That is the principal reason so many companies now use service providers to manage their domestic ITAD needs. Internationally, however, the problem is considerably more complex. Now a new breed of global ITAD provider is emerging to deliver customer benefits in some surprising ways.
The E-Waste Crisis
The rapid economic development of densely populated countries like India and China has made “e-waste” a worldwide phenomenon. Here are just a few statistics:
- Americans disposed of 2.5 million tons of electronic equipment in 2007, more than twice the amount generated in 1999, according to the Environmental Protection Agency;
- An estimated 70% of heavy metals in U.S. landfills comes from discarded electronics, even though the equipment itself represents less than 3% of landfill volume;
- Between 20 million and 50 million tons of e-waste are produced worldwide every year, according to the United Nations Environment Program (UNEP). Europe alone accounts for about 9 million tons.
- E-waste is the “fastest growing component of municipal waste” in India. It is expected to exceed 470,000 tons annually by 2011.
- More than 30 countries now have laws that enforce electronics recycling.
- Nineteen US states have passed laws requiring the recycling of old electronics. Thirteen other states are considering laws.
The United States has a relatively sophisticated ITAD infrastructure. Thanks to a profusion of environmental and data disclosure regulations, a healthy industry has built up around firms that specialize in safe and secure disposal of sensitive equipment.
That is not the case overseas, however. In many countries, asset disposal is handled by a patchwork of small businesses, many of whom know little or nothing about data cleansing and hazardous waste disposal and who know or care little about liability laws. In some cases, they are enabled by government officials who looked the other way when violations occur.
Unfortunately, the actions of those local service providers can damage the US parents of the subsidiaries with which they do business. That’s because US regulations regarding information security, privacy protection and environmental protection usually hold the parent company liable for violations by their subsidiaries in other countries. The penalty for violations extends from fines to reputation damage to jail time. Brand value is at greater risk today than ever. In a constantly connected world, individual blogs and tweeters can prolong a company’s exposure to negative publicity long after the headlines have receded.
Consider the following scenario: a foreign subsidiary of an international financial institution has access to the master data records of the corporate parent. An employee of the subsidiary downloads that information to a local spreadsheet for legitimate business purposes. Six months later, that computer reaches the end of its lifecycle and is handed over to a local disposal agent, who disassembles it, disposes of some components and sells other parts to local buyers. Soon afterward, a case of identity theft in the US is traced back to a disk drive from that computer that has turned up in a local flea market. The corporate parent is prosecuted by regulators and sued by aggrieved individuals over the actions of the local disposal agent, who may even be unknown to people at headquarters.
Scenarios like this are increasingly plausible as storage and connectivity capacities grow and remote locations become full players on the corporate network. An international company’s weakest security link is increasingly its local offices. Local laws and governance principles may vary widely, but as far as US regulators are concerned, corporations are liable for all their far-flung operations.
Meanwhile, data breaches are becoming an increasingly pressing problem both in the US and internationally. The Identity Theft Resource Center reported 656 breaches covering more than 35 million records in 2008. The number of breaches fell to a little less than 500 in 2009, but the number of records exposed increased over 600% to 222 million. In addition, the problem is also growing overseas. For example, UK businesses reported 356 data breaches to the Information Commissioner’s Office in 2008. Government authorities say that the actual number of incidents is almost certainly higher because not all cases are reported.
Critical Issues in Global ITAD
If the US ITAD market is fragmented, then the global market is perhaps best described as atomized. Lack of standards and inconsistent local oversight can lead to wide variations in the quality of equipment disposal, depending upon the region. This is particularly true in underdeveloped regions.
This situation forces US-based businesses with international operations to make some unpleasant choices. The cost and complexity of putting “feet on the street” to oversee ITAD in offices around the world is prohibitive. However, centralizing ITAD in the US carries huge transportation and customs costs if obsolete equipment must be shipped back to the home office for disposal. Faced with this no-win situation, many companies opt for federated solutions. They set standards at a corporate level and mandate compliance within each region of the globe.
There are several shortcomings to this approach. Unless hands-on oversight is provided, local entities may choose to do what is most convenient on the theory that corporate will never find out. Standards enforcement is difficult; the procedures needed to ensure compliance with US regulations may be unknown or misunderstood in remote offices or the necessary services may be unavailable from local suppliers. Resistance to central direction and allegiance to local relationships may drive business to vendors who don’t meet corporate guidelines. Language barriers and local culture may also play a role.
Standards bodies, liability laws, enforcement procedures and remediation tactics vary by country. In addition, regulations are continuously changing, meaning that businesses must be vigilant of developments in each country in which they operate. This is expensive if administered from a central location and nearly impossible to manage in a distributed manner. The more globalized the operation, the more complex the task. Local representatives are usually best equipped to resolve any overlap or conflict with US regulations, but they may lack the skills or knowledge to manage compliance at all levels. Maintaining legal representation in all geographies is not a cost-effective option in most cases.
A federated approach also presents challenges to internal operations:
- Recordkeeping may not be standardized across international offices due to acquisitions, local regulations, systems and software variations or lack of training and oversight;
- If reports from field offices need to be consolidated at the home office, extensive staff time may be required to consolidate and validate this information across dozens of subsidiaries. Formatting and compliance by remote operations may be inconsistent, which introduces delays and increases the possibility of error;
- Language variations lengthen communication cycles and may require professional translation services;
- Currency conversions and fluctuations must be accounted for;
- Administrative overhead is incurred to audit and enforce local reports, particularly if such audits require personal visits.
Many of these complexities involve significant time commitments, and time is not on the side of businesses in this regulatory climate. US regulators are demanding shorter-than-ever turnaround times for legal discovery and imposing penalties for missed deadlines. Companies may not use complexity and lack of resources as excuses. A single remote office that fails to file timely reports may subject the whole company to penalties.
The Five Benefits of Global ITAD
Some ITAD companies are stepping up to the challenge of managing their clients’ global needs. They are doing so at an unprecedented time of change. The swelling volume of end-of-life equipment combined with increased regulatory pressure both at home and abroad is making the cost savings of global ITAD more compelling than ever.
Global ITAD provides customer benefits in five areas:
- Customers have the peace of mind of knowing that their end-of-life equipment is being handled in a manner that meets all US regulatory guidelines as well as local regulations in other countries. Any changes to the regulatory environment are immediately accommodated. All reporting is updated to reflect those changes and the customer has no need to monitor variations on a country-by-country basis.
- Full, standardized and integrated reporting of disposal activity worldwide is provided. This minimizes administrative costs and maximizes insight into the status of equipment as it moves through the disposal process. There is no need to communicate or audit reporting procedures at the local level since the process is managed by the ITAD provider. Reports meet all US and local requirements.
- At the customer’s option, reports can be integrated with a customer’s internal asset tracking and ERP systems. This can not only significantly reduce staff time spent consolidating and transcribing reports but also minimize delay and reduce the risk of error.
- Customers have access to the provider’s expertise and global intelligence network. Customer or regulator requests can be routed speedily to an expert with the necessary domain knowledge.
- A professional ITAD firm can identify opportunities to mitigate costs, maximize recovery values, and increase efficiencies. For example, a service provider can identify remarket able components and redeploy them to resellers or its own internal supply network and pass along recovered value to the customer. The provider’s extensive knowledge and experience also enables it to identify inefficiencies in a customer’s existing disposal process and recommend improvements.
The Global Difference
Global ITAD providers should deliver the highest standards of quality, industry knowledge and regulatory compliance. Disposal operations must not only meet US standards, but also all local regulations. Consider years of service, domain knowledge and global footprint in choosing a partner that provides peace of mind that equipment will be managed with the utmost security and protection.
Insure that the service provider’s partners are required to meet rigid guidelines for responsible practices before they can become part of the company’s global ITAD network. You should also seek a company that can work with its customers to manage local regulatory issues. An ITAD provider that is already supporting multi-national organizations should have the infrastructure and expertise to stay up-to-date with regulations in each region it serves.
Reporting and audit systems should be mature and field-tested by hundreds of client engagements. Ideally, reporting should be Internet-based, making it simple for clients to track and manage ITAD from multiple locations. Market expertise is critical. The provider should employ a staff of seasoned professionals who make it their business to understand regulations in each country in which the company operates. If a regulatory challenge emerges, these people must be willing to work with regulators and customers to quickly resolve any issues.
A small number of supply chain services companies have the capacity and expertise to deliver on the challenge of providing true global ITAD services. When choosing one of these partners, look for one with wholly owned processing facilities in key locations around the world and partnerships with responsible local providers to deliver services in dozens of other countries.