E-waste is the fastest growing waste stream in the world and each New Zealander produces
about 80 million kilograms of e-waste, almost triple the global average, most of which ends
up in landfill.
New Zealand businesses, agencies and households face a looming cybersecurity threat as
a barrage of data breaches hit vulnerable networks, software and people every year.
Coming on the top of that is the inherent vulnerability of electronic waste (E-waste).
As our tech-dependent lifestyle makes AI technology its platform, accelerated hardware
obsolescence – ranging from data centres, servers and IoT devices through to desktops,
laptops and smart phones – is an escalating serious security threat as well as a major
environmental hazard.
The heightened danger is driven by technology proliferation, device obsolescence, a
consumer-driven environment and new waste streams coming from data centres. In
addition, AI-enabled bad intentions, and more intermediaries in the data lifecycle are
sending e-waste hacking risks through the roof.
Currently, between 10 percent and 20 percent of cyber incursions happen when old
computer assets are being disposed of. End-of-use devices are a blind spot for businesses
and public agencies compared to live on-network devices.
There have been significant data breaches in recent years linked to e-waste. A US
government decision around April 2025 to remotely wipe hardware of some fired workers
(no physical collection of devices) is now under scrutiny due to the risks of improper
disposal.
Awareness of realised cybersecurity dangers highlights the importance for organisations of
robust IT Asset Disposal (ITAD) processes, data erasure, and having a proper chain of
custody for asset management.
E-waste hacking can lead to everything from impersonation, phishing scams and email
fraud through to blackmail and cyberattacks. It is estimated that 90 percent of second-hand
laptops, hard drives and memory cards still have recoverable data.
E-waste is already a multimillion-dollar risk for companies and can lead to potential
extortion, fines, litigation, pollution, and reputation destruction.
There was the early data loss incident at Morgan Stanley from 2016 to 2019 involving
decommissioning of data centres and loss of customer data that led to over $163 million in
penalties and fees. In Australia, Commonwealth Bank lost financial statements of almost 20
million accounts stored on two misplaced magnetic tapes.
Ahead, we can expect the costs of poor asset disposition to escalate. It’s estimated that
when Windows 10 support ends, 240 million PCs will become e-waste.
Making matters worse, people avoid recycling electronics through concern that their data,
even if deleted, will be stolen. It’s no wonder that Auckland rubbish truck fires – very-likely
caused by the burgeoning number of battery-powered devices and batteries in household
bins – have recently been in the news.
The best form of e-waste recycling is actually reuse, which demands proper, certified data
sanitisation – every year for example Greenbox sustainable tech company processes
millions of discarded computers and other e-waste from large companies, government
departments and agencies.
Any organisation that owns IT assets should have an asset inventory to help keep track of
each item in their disposal process, whether its incinerated, repurposed, or recycled. A safe
data destruction audit begins by examining the asset inventory to check for any
remarketing, relocation, or donation items. The IT Department can confirm that no other IT
assets are included in the inventory.
ITAD includes the processes of reusing, recycling, repurposing, repairing, or disposing of
unwanted IT equipment. Businesses and governments can avoid legacy IT assets coming
back to haunt them by maintaining rigorous data protection and environmental compliance.
Not doing proper risk analysis and due diligence to secure a certified, proven and trusted
ITAD partner is potentially catastrophic. Starter questions that businesses should ask their
prospective partner include:
- What is the range of your services, from gathering and sorting to removing, refurbishing,
reselling, and recycling? Will they meet our compliance mandates? - Does your organisation have certifications to show that you follow industry standards for
best practices in recycling and reusing electronics? - Do you provide us with a secure chain-of-custody for asset management, allowing us to
track our assets from the time of collection until they are disposed of? Is compliance
assured through an audit trail? How do you report / certify / support us? - How does your organisation erase data and what guarantees do you provide? For example,
Greenbox assures its customers of security through being a platinum ITAD partner for
Blancco (Data Erasure Software) and DISP (Defence Industry Security Program) certified. - Does your organisation erase all the data in our IT equipment, providing us with data
erasure certification? If the data isn’t erased through data erasure software (the most secure
data sanitisation technique), do you destroy the storage devices? - Are your facilities R2v3 (responsible recycling) certified? Do you ensure nothing goes into
landfill and zero carbon is emitted into the environment, and give us a carbon emission
certificate?
About the writer: Ross Thompson is Group CEO of sustainability, data management and
technology asset lifecycle management market leader Greenbox. With facilities in Brisbane,
Sydney, Melbourne, Canberra, Auckland, Wellington, and Christchurch Greenbox Group
provides customers all over the world a carbon-neutral supply chain for IT equipment to
reduce their carbon footprint by actively managing their environmental, social and
governance obligations.