By Xperien CEO Wale Arewa
Governments across the world are still spending hundreds of millions of dollars on destroying and replacing perfectly functional IT equipment, including assets containing SSD storage. However, most of them are committing to sustainability improvements within their IT operations and are even testifying to having clear plans in place.
In today’s data-driven world, government and public service enterprises are responsible for managing, processing, and safeguarding some of the most sensitive – and potentially exploitable – information within society. The public services sector is undergoing several profound shifts in data management. However, some of the most promising areas for innovation also depend on some of the most sensitive data.
Public services organisations handle citizens’ Personally Identifiable Information (PII), Sensitive Security Information (SSI), as well as Critical Infrastructure Information (CII), to name a few. And all such data requires regulatory compliance and protection.
This is according to a recent report titled The Price of Destruction, the study explores the financial and environmental costs of public sector device sanitisation.
Cost of destruction
ITAD services enable governments to achieve maximum return on investment by utilising their IT infrastructure in a sustainable manner, ensuring that IT hardware (that is retired from current use) is sanitised, refurbished and redeployed into the circular economy – in line with the United Nations Sustainable Development Goal 12: Ensure sustainable consumption and production patterns.
These costs comprise the actual cost of destruction, the costs of buying new replacement drives, and even the costs of entire systems when they are completely destroyed.
The main drivers behind the physical destruction of these drives are a lack of awareness of alternate device sanitisation practices and older policies not considering the latest advancements in data sanitisation technology that provide purge-level data security without actual physical destruction.
In addition to this, there also appears to be an overreliance on incomplete data destruction practices, such as reformatting, which will significantly increase the risk for data breaches and additional related costs and penalties.
Service providers like Xperien are helping large corporates and governments manage their technology in a more ethical, sustainable and socially responsible way.
Under the spotlight
Governments and public services organisations have always been under the spotlight when it comes to spending, but with global e-waste projected to nearly double by 2030 and persistent calls to more environmentally aware government practices, it is increasingly urgent that government organisations consider sustainable alternatives that extend device life, maintain lock-tight data security on end-of-life SSDs, and ultimately save public services millions.
A strong recommendation is to work for increased awareness and regulatory reform, revisiting both policy requirements and tenders for sustainable SSD sanitisation when planning for extended asset lifecycles.
These are worthwhile and well-timed initiatives to explore as agency and national policymakers seek to steward financial, environmental, and digital information resources entrusted to their care. Now is the time.
Data breaches
Perhaps not surprisingly, we are witnessing a shocking increase in data breaches and data breach costs. For example, in the public sector, the average cost of a breach surged by 78.7 percent globally between 2020 and 2021, from $1.08 million to $1.93 million. By comparison, healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5 percent increase.
This leaves the public sector with an enormous responsibility to its citizens, especially as the importance of privacy and data protection is growing among both citizens and lawmakers.
Indeed, 69 percent of countries globally have data protection and privacy legislation in place.
Laws such as the Protection of Personal Information Act of 2013 (POPIA) and General Data Protection Regulation (GDPR) direct organisations of all types on how personal information can be used and how it must be managed, distributed, and protected – including when data or data-bearing assets reach the disposal stage.
Within the public sector, additional regulations and policies govern the secure disposal of classified or secret data, as well as non-classified data, stored on data-bearing assets.
Sustainability
Governments across the world are also deeply involved in sustainability initiatives, establishing programs such as the Greening Government Initiative out of the U.S. and Canada, Singapore’s Green Plan, Germany’s Sustainable Development Strategy, and France’s Climate Plan.
These are just a few at the national and international levels, with local government bodies launching additional programs. Many of these initiatives aim to address emissions, renewable energy, and waste reduction, raising the importance of having a sustainability focus within agency operations.
The Implications
So, what does all this mean? Most government and public services organisations store a great deal of data on solid-state drives (SSDs). These drives are in the cloud, in on-prem data centres, and used within various devices, such as desktops, laptops, or even multi-function printers.
According to this global study of government agencies, whether because of a technology refresh, a data migration project, or other causes for decommissioning or retirement, internal government policies often (40 percent of the time) dictate these drives be physically destroyed at end-of-life to render classified or secret data permanently irretrievable.
However, there are other secure options of sanitisation that are financially and environmentally more beneficial, particularly when compared to some physical destruction techniques. Non-destructive methods such as software-based data erasure or encryption are typically welcome for IT assets used for non-classified data.
Yet, as results from our global survey show, even these SSDs are often destroyed out of perceived ease, an abundance of caution, and potentially, a lack of awareness of policy details allowing non-destructive options.
In the end, unnecessary SSD destruction increases IT operations and materials costs for fiscally constrained public sector organisations. It also fosters increased electronic waste (e-waste) creation during a global call for more prudent environmental stewardship.
