Draft:IT Asset Disposition


IT asset disposition (ITAD) is a specialized industry that is the culmination of decades of evolving best practices for disposing of bulk electronic waste. It involves processes to secure data, comply with corporate data destruction policies, and adhere to environmental laws. ITAD vendors manage the process of decommissioning hardware, including servers, workstations, laptops, mobile devices, and networking equipment.

ITAD is distinct from general electronic waste recycling. While recycling is one component of the disposition process, ITAD encompasses data destruction, chain of custody documentation, and serialized asset. The compliance documentation ultimately produced includes a per-device certificate of destruction to serve as evidence of regulatory compliance under relevant frameworks such as HIPAA, the Gramm–Leach–Bliley Act, Sarbanes-Oxley, and the General Data Protection Regulation.

History

Early development (1980s–1990s)

Before personal computers became standard corporate infrastructure, business computers were mostly composed of mainframes and minicomputers that were rarely replaced.[citation needed]

Organizations disposed of e-waste informally: selling it at auction, donating it to schools or nonprofits, discarding it with general office waste, or leaving it in storage. The data security implications were not understood.

Academic research (2003)

The first systematic academic documentation of the risks of hard drive disposal came from researchers Simson Garfinkel and Abhi Shelat, published in the January/February 2003 inaugural issue of IEEE Security and Privacy under the title "Remembrance of Data Passed: A Study of Disk Sanitization Practices."[1]

The researchers purchased 158 used hard drives from sources including eBay, used computer stores, and swap meets, and analyzed their contents. Of the 129 functional drives, 28 had no attempt at erasure whatsoever. On one formatted drive, more than 5,000 credit card numbers were recovered. Other drives contained medical records, personal financial records, and what appeared to be records from an ATM machine in Illinois. The study concluded that the secondary hard drive market was a risk, and that standard practices such as the Windows format command did not adequately remove sensitive data.[2] The paper became a foundational reference for both subsequent regulatory action and the formalization of the ITAD industry.

Regulations

The regulations that gave birth to ITAD came mainly from three pieces of U.S. federal legislation.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA), in 1996 [3]

Gramm–Leach–Bliley Act and FTC Disposal Rule

The Gramm–Leach–Bliley Act (GLBA) of 1999

Sarbanes-Oxley Act

The Sarbanes-Oxley Act of 2002.

See also

References
