When it comes to getting rid of old assets, "the right thing" is also good business practice. Most companies pay strict attention to these regulations while IT assets are in service, but it's easy to take your eye off the ball when you remove assets from service…just when they are most vulnerable.
In the US, at a minimum, e-waste (electronic waste) must be managed in accordance with the Resource Conservation and Recovery Act (RCRA). Failure to do so – even by the simple act of sending materials to a non-compliant recycler – could result in your company being found responsible for illegal waste management. And making the picture even more complex, in addition to National and International regulations individual states have passed legislation around end-of-life asset handling, making companies liable for illegal storage or management.
The stakes are even higher for companies in regulated industries – or for any company that handlesany kind of personally identifiable information including customer, financial, medical, or personnel records – because end-of-life for IT equipment involves both the data and the device. The Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Fair and Accurate Credit Transactions Act (FACTA), and the General Data Protection Regulation (GDPR) are among the laws that place strict requirements on institutions around data management for end-of-life assets.
To sum up, you must ensure you're compliant with all laws and regulations in the countries, states, counties, and cities in which you operate. How do you track all the materials you retire? How do you prove compliance? How and where do you store the records? Even companies with robust IT department have found it to their advantage to partner with an established ITAD provider.