Sustainable data destruction: the public sector can do better

What are the financial and environmental impacts of the physical destruction of data and equipment? What examples of commitment to sustainable alternatives could the public sector show?

Today, electronics has the « fastest growing waste stream in the world, » according to the international study E-Waste monitor.

According to the document co-authored by UN training programs and the International Telecommunication Union, the world generated 53.6 billion metric tons (Mt) of electronic waste in 2019.

1.362 Mt of electronic waste in France

For countries with a formal waste management system, collection and recycling rates remain relatively low, the study adds.

Of the 1.362 Mt produced in France (21 kg per capita), 742,000 tonnes (2017 figures) were collected and recycled.

« Due to the slow adoption of collection and recycling, externalities – such as resource consumption, greenhouse gas emissions, and the release of toxic substances, such as mercury, during informal recycling – illustrate the problem of staying within sustainable limits (…), which is not without risks to the environment and human health, » says the E-Waste monitor.

For Yves Gheeraert, Blancco’s Director for Benelux, France and Southern Europe, this unnecessary destruction also increases operating and hardware costs for private and public companies.

« Public administrations are contributing to the increase in e-waste, while budgetary constraints and the Climate Plan are prompting them to be more careful in their environmental management, » he notes.

Exorbitant destruction costs

According to a recent study by Blancco Technology Group, the French government and public sector organizations spend €6.41 million on the physical destruction of technologies that are still often functional. Another €4.24 million is spent on replacement costs.

The price of the physical destruction of the SSDs (Solid-State Drives) alone would be 2.17 million euros.

Large-scale data storage devices, SSDs exist as external devices, and are also found in the cloud, in laptops and desktops, and in multifunction printers (MFPs).

Blancco’s survey was conducted independently by Coleman Parkes Research in December 2021 and January 2022, with 596 public officials from nine countries: the United States, Canada, the United Kingdom, France, Germany, Japan, Singapore, India, and Australia.

In France, the 70 respondents-representing 25 percent of government entities (regional and local headquarters)-« reported destroying an overall average of 1,748 SSDs per year, the highest of any country surveyed, » the paper said.

For many of the respondents, « the physical destruction of SSDs containing classified data is mandated by law ». And more than half believe it is « more cost-effective and secure than other data erasure solutions, » wrongly so, according to the study.

In addition, internal policies of government organizations often mandate physical destruction of equipment at the end of its life, either out of convenience, out of an abundance of caution – to make classified or secret data permanently irretrievable – or out of ignorance of the details of the security policy that allows for non-destructive options.

However, these practices also rub off on small and medium-sized enterprises and private companies, suppliers and customers, who are subject to the same rules as public bodies dealing with highly sensitive information.

So for Yves Gheeraert, it is increasingly urgent to consider sustainable alternatives that extend the lifespan of devices, that ensure the absolute security of end-of-life data stored on SSDs through secure erasure, and that would allow utilities to reduce their carbon footprint and expenses.

« With the acceleration of privacy and data protection laws, cyber threats, increased emphasis on environmental sustainability and the rapid acceleration of data transformation, it is necessary to consider all options allowed by existing regulations to create policies that fit the current government technology landscape, » he advocates.

« It is at the legislative or regulatory level where widespread change can occur – and where countries can align public sector data security needs with local, national and international sustainability goals. »