R2 NEWSLETTER: OCTOBER 2023

FEATURE STORY

WITHOUT DATA SANITIZATION, WE CANNOT

ACHIEVE ELECTRONICS SUSTAINABILITY 

Data security is one of the highest customer priorities with used devices. But it’s also critical to achieving electronics sustainability. 

When we look at the goal of making electronics sustainable, traditionally, there has been a tremendous amount of focus on end-of-life and recycling as the solution. The theory was that if we can recover materials and put them into new devices, that bends the linear model of “take-make-use-dispose” into something circular, and largely, it does. But circular doesn’t equal sustainable. For example, if a new device is returned by a customer because they didn’t like the color and based on the expense to test, repair, wipe data, and remarket the device, it is instead recycled, is that sustainable? 

Even if all the usable materials are recovered, the answer is no. Since the majority of the carbon impact of electronics is made before first use, keeping a device in use as long as possible is also a key component to achieving electronics sustainability. Longer use means fewer devices produced, which means a lower carbon footprint for electronics as well as slowing the pace and volume of e-waste to recycle.  

So, it’s clear that reuse is critical to achieving electronics sustainability, which is why R2’s Core Requirement 2 is the hierarchy of responsible management strategies that prioritizes reuse before recycling. However, data security is critical for reuse. If customers lack confidence that their data will be protected, they will opt for physical destruction of hard drives and even whole devices, which flies in the face of sustainability. So, we can’t have sustainability without reuse, and we can’t have reuse without data sanitization. And that is what makes data sanitization so critical for achieving electronics sustainability. 

This is why, for us, data sanitization is also a core component of the R2 Standard and why the R2 TAC built Appendix B as an elevated set of data security requirements. It is also why we spend so much time supporting R2 Certified Facilities with resources to create positive outcomes with data security and sanitization. 

In this October R2 Newsletter, we are highlighting new additions to the R2 Knowledge Base, including a new podcast and a Data Security and Sanitization Internal Audit module, and we’ll continue developing resources to meet one of the highest priorities for customers and for achieving electronics sustainability.

THE IMPORTANCE OF THE DATA SECURITY

AND SANITIZATION INTERNAL AUDIT 

Data security and sanitization is a chief concern of customers, and facilities must build a robust process for ensuring they are meeting the high bar for the requirements built into the R2 Standard. The R2 TAC understood the importance of data security in creating customer confidence in R2 and the increasing pervasiveness of data in a wide range of products.  



Because of this, the Internal Data Security and Sanitization Audit is a Core Requirement of R2, which means all facilities are required to perform this audit, regardless of size or what types of devices they typically receive.  

To help facilities conduct a high-quality thorough audit, SERI has prepared an Internal Audit module for data security and sanitization to help strengthen facility personnel’s competency for this internal audit, and it is now available on the Knowledge Base.  

DATA SECURITY AND SANITIZATION EXPERTS

DISCUSS EMERGING TRENDS IN LATEST PODCAST 

As technology continues to move forward at a rapid rate, data security is now a top concern for most customers of R2 facilities. And it should be. The risk of a breach of personal data, no matter how small, always has serious consequences, and it’s the responsibility of an R2 Certified Facility to protect that data on the devices that are being received and processed.   

R2 Guru Roger Greive recently sat down with Jonmichael Hands and Steve Mellings, a pair of data security and sanitization industry experts, to discuss topics like how to educate customers on assessing risk tolerance and why they should trust secure sanitization methods over destruction, how the data sanitization world should deal with the Internet of Things, current and emerging trends in data security and sanitization, and more in his latest Ask The R2 Guru podcast. 

Hands is one of the drafters of the new IEEE 2883 Standard for Sanitizing Storage, which details the method of sanitization for each device type by clear, purge, and destroy. The NIST 800-88 Guidelines for Media Sanitization haven’t been updated in about nine years, and with developments in technology in data storage media, the IEEE 2883 Standard provides a method of sanitization for new technology that stores data. Hands talks about why the industry needs to know what is coming.    

Mellings is the founder and CEO of ADISA, which, aside from providing data sanitization software product certification, also develops and hosts the IT Asset Recovery Standard. This standard pairs customers with ITAD facilities that can perform the necessary sanitization based on the customer’s risk and sensitivity of data. Mellings discusses why this standard is prominent in helping customers who need to comply with GDPR requirements.   

Sit back and listen to this resource and increase your knowledge to share with customers.     

A HELPFUL R2v3 REMINDER

FROM THE R2 DIRECTOR

APPENDIX B(13)

Remember, Appendix B(13) requires routine sampling by a competent and independent party to demonstrate data is not recoverable. The requirement here is that these data recovery attempts be made by someone who is both competent in data recovery and who is an independent party from the one who performed the logical sanitization.   

An independent party does not need to be an external party. It can be someone internal who is independent of the data sanitization process, like IT or other personnel. For smaller organizations, it may be someone external, like a consultant, when there is no one internal that is both competent and independent.  

R2 MARKETING MINUTE - FALL 2023

The R2 Marketing Minute, slated to be released next month, takes an in-depth look into how we’re talking about R2 to customers on behalf of facilities and how an R2 Certified Facility can leverage those messages within their communications. We’ll also have some tips and tricks on the best way to market your R2 Certification and provide updates from the R2 Resource Center.  

This quarterly(ish) newsletter is especially designed for those tasked with marketing and sales within facilities and is designed to help you get the most out of your R2 Certification. If you haven’t signed up yet, you can do so below. You don’t want to miss it!  

WE ARE HIRING! START YOUR NEXT CAREER ADVENTURE WITH US 

We are looking for passionate high-performers to join our team and do something that is not only personally rewarding but also makes a difference on a global scale. We are a nonprofit with bottomless ambition and a team that positively impacts the planet and helps bridge the digital divide by educating and influencing people and businesses toward better decision-making with their used electronics.

Are you ready to join our mission of making electronics sustainable? We have a wide range of job opportunities with a flexible work schedule that we are currently looking to fill. If you feel SERI is a place where you’d thrive, apply today. 

THE POWER OF THE R2 KNOWLEDGE BASE

The R2 Knowledge Base is filled with videos, implementation articles, podcasts, and more helpful resources, all built to support the R2 community through the R2 certification process. 

If you haven’t spent time in the KB in a while, take a look and see what’s new. 

AVAILABLE R2v3 TRAINING CLASSES

NEW TO R2: INTRO TO R2 WEBINAR 

If you want to learn more about R2, join us on our Intro to R2 Webinars. They are held 3-4 times per month and are offered to accommodate time zones on all continents.

R2 AUDITOR TRAINING CLASSES

Looking for in-depth, online, and interactive training on R2v3? These classes are open to auditors, consultants, and facilities. Space is limited so sign up for the class today!

Each month, we let you know where we’re going and what conversations we’re having for two reasons. First, we simply hope you’ll catch up with us if you are planning to be in the same places. But even more importantly, we want you to know how we are talking to and educating the customers of R2 Facilities because they are the ones who have the ability to influence the decisions that their organization makes as well as the vendor selection process for their used electronics. We see choosing R2 Certified Facilities as a big part of the solution to getting to electronics sustainability and believe that educating all the various audiences is a powerful way to get there. 

This past month, R2 Guru Roger Greive spoke to electronics refurbishers and resellers from Europe, Africa, and the Middle East at the European Broker Meeting in Malta about the secrets to unlocking the full potential of R2 Certification. Chief Provocateur Jeff Seibert ventured to San Diego, California, where he helped educate sustainability pros at Sustainable Brands about the importance of practicing Sustainable ITAD and how working with R2 Certified partners supports organizational sustainability goals as well as data security and ESG priorities. Executive Director Corey Dehmey was also in California last month discussing ways to increase sustainability with data center hardware to IT professionals at the OCP Global Summit in San Jose. 

Where we're headed next:

• Circular-IT Annual Conference, Amsterdam, Netherlands, November 14 – Jeff will emphasize Sustainable ITAD and how decision-making and standards can contribute to a more sustainable approach to electronics. Jeff will also be inspiring participants to ReThink their relationships with electronics and contribute toward better sustainability and circular practices. 

• Wisdom APAC, Albert Park, Victoria, Australia, November 15-16 – Corey will be engaging with IT asset managers and helping them understand how to shift to Sustainable IT and the value of R2 Certification in vendor selection as he presents the session, “Transforming Your ITAD to Sustainable ITAD.” While in Australia, SERI is also planning to conduct additional meetings with R2 Certified companies and other stakeholders in the region. 

Got the R2 Newsletter as a forward? Sign up to start receiving your own copy.