January 26, 2018
When you’re going through the standard list of “things to look for in an ITAD provider,” ITAD insurance will probably come up. While insurance sounds critical, it’s often a red herring that can distract you from asking an ITAD provider more important questions. Promises of comprehensive insurance policies are unrealistic and unnecessary.
Get the policy details
Standard ITAD insurance offerings include indemnity for fines and penalties related to a data breach, covering loss of equipment and legal fees related to defense of data breach claims. There are unlimited options beyond that… but what do you really need?
Data breach insurance is a good basic box to check when looking for an ITAD provider. But there are many other aspects to your data security and the ITAD process that are more important.
Focus on the big picture
How much insurance coverage can repair the damage of a major data breach? $5 million? $10 million? The fact is, in the event of a major data breach, $10 million in insurance will do nothing to fix your reputation.
Insurance isn’t a panacea. Don’t go for the provider that touts the biggest ITAD insurance policy. Instead, check that box and move on to what security measures and environmental safeguards a potential ITAD provider offers.
More important questions include:
- How are the provider’s facilities secured? Are there multiple levels of security?
- What standards are used for HDD screening and wiping?
- Do they emphasize refurbishment over recycling?
- What do they do with HDD that fail the screening and wiping process?
- How do they manage the downstream recycling process?
Asking questions that go to the heart of the ITAD process allows you to assess how seriously the provider takes security and environmental issues. Your provider should be able to clearly articulate their ITAD process and hold current certifications from organizations that ensure security as well as environmental compliance, such as the R2 Standard.
Your organization can also guard against hardware-related data breaches by using a hardware asset management plan. Careful tracking of your equipment will ensure that nothing slips through the cracks — and that you are primed to get your best resale value once your IT assets are ready for disposal.
If your ITAD provider is selling fear, take a step back. There are real risks and consequences to poorly managed ITAD. But it’s far more likely that you are going to be facing unnecessary costs rather than a doomsday data-breach scenario.
Bottom line: it’s better to focus on a provider who has secure facilities and data-wiping practices than the one that advertises the most expansive ITAD insurance.