Corporate participation in the circular economy is on the increase. With growing public and media scrutiny into corporate ethics and social responsibility, sustainability is a business priority. One key area is the management of retired electronic equipment, specifically the recycling and reuse of things such as servers, laptops and phones, which in the era of big data turns the spotlight on information security processes.
Traditionally this may have been the responsibility of the company’s environment and corporate social responsibility (CSR) team. Today, with data protection high on the business agenda, responsibility for the management of information security at point of disposition also falls to the IT function. The growing trend of deploying individuals at board level with responsibility for information security has led to the rise of the chief information security officer (CISO) role, and a higher profile and board level buy-in for information security.
What many organisations have failed to recognise, however, is the need for a closer alignment between information security and CSR, and a co-ordinated approach to the management of electronic disposal. As a result, they are putting their brand, corporate reputation and finances at risk, as Chris Fox, regional director UK and Scandinavia at Sims Recycling Solutions (SRS), a global provider of electronics recycling and reuse services, explains.
He says: “Fundamentally the problem is a lack of transition. In recent years the environmental department has taken the lead on the recycling of electronic products on the basis that it was legislation driven and environmentally led. Today a key focus for businesses is data and how to safeguard it; on the face of it unrelated to CSR, yet the two are inextricably linked.”
Assigning responsibility for information security to an individual at the highest level of management can help to improve information management processes. In a Cost of Data Breach Study, it was found that a strong security posture prior to the incident can reduce the average cost of a data breach by as much as £15 per compromised record. The appointment of a CISO reduced the cost by £4. With these costs set to rise to £1.34 trillion globally by 2019, according to another study, these risk-oriented individuals will become increasingly more central.
“You need to know that your assets are ending up in the right place in terms of environmental stewardship and that the data they contain is being dealt with securely,” adds Mr Fox.
To recognise and mitigate the risks to the business, the information security and environmental functions must be closely aligned. Yet, as Mr Fox points out, in many organisations they are not.
He says: “The result is a lack of clarity around each function’s specific legal duties relating to the recycling and reuse process, and even who should be dealing with it. With such a fragmented approach, decision-making is ambiguous and that puts the organisation at risk.”
Corporations are regularly ranked on their environmental credentials, including the level of sustainability built into their supply chain and processes, and their adoption of the European Union’s “waste hierarchy” approach to sustainability – reuse, recycle and recover energy to avoid landfill.
When reuse of an entire asset isn’t possible, there is considerable value in parts recovery, where valuable components can be used to refurbish or remanufacture other devices, or sold on their own. The final stage of the life cycle is resource recovery by destruction, or urban mining, of valuable materials such as metals, copper, gold and plastics.
These efforts deliver value back to a business, helping to offset the cost of the disposals, while increasing the life cycle of a product and recovering materials. This also minimises harmful waste and reduces CO² emissions, as production processes of new equipment using recycled materials require less energy compared with using materials from ores.
Brand equity and corporate reputation are areas of business where sustainability actions, such as electronic waste management best practice, can bring benefit and add value for the simple reason that investors, talent and more internet-connected consumers are progressively making the link between the two, and proactively choosing the best performing organisations.
Conversely, media and public scrutiny of a less-than-robust environmental performance can inflict damage to both brand and reputation. And as new data protection laws came into force, it can also be financially devastating. Companies found to be in breach of the EU’s new General Data Protection Regulation, for example, can be fined up to 4 per cent of annual global turnover or €20 million, whichever is greater. This regulation is applicable for data concerning EU individuals all over the world.
The process is hugely challenging, particularly for organisations with global operations. Many sub-contract electronic end-of-life management, while others, when buying new computer equipment, hand the task of recycling their existing products to the company installing the new equipment. All this raises concerns over the chain of custody and who takes responsibility for each individual stage of the process, and increases the business risk.
By offering a standardised global service, which combines reuse and recycling within one business, SRS matches the needs of organisations today, ensuring data security, brand protection, convenience and maximum IT value recovery, while optimising material reuse and supporting the circular economy.
“Instead of engaging a transport company to collect the material for recycling, that hands it on to a reuse partner and then a recycler, and so on, our clients know that if we collect the material we are also the processor,” says Mr Fox. “Organisations have to be more aware of who is actually providing the service they are paying for. The easiest way to do that is ensuring they have clear visibility over the chain of custody their assets are passing through. Having fewer contact points and partners reduces the risk.”
With an increased reliance on digital technology and devices, electronic and electrical waste recycling and reuse is now a critical issue for business, not just with regard to the potential environmental and legal risk and repercussions, but as a way of differentiating themselves in an increasingly environmentally conscious marketplace.
The need for leaders of IT and environmental departments to understand their role in the process, their legal obligations and the risks when deciding what to do at the end of a product’s life has never been greater.
For more information on Sims Recycling Solutions, visit www.simsrecycling.com