Home 9 Blog 9 Looming ITAD black swan
data-center-operation

The Looming ITAD Black Swan

The term “Black Swan” was popularized by Nassim Nicholas Taleb when he described how unexpected events can have catastrophic consequences. Examples of Black Swans include the 2008 financial crisis, Hurricane Katrina, and the terrorist attacks of September 11th.

While a Black Swan is a surprise at the time it occurs, with the benefit of hindsight, experts usually conclude the event “was bound to happen.” Naturally, a Black Swan depends on the perspective of the observer. As Taleb explained, a Black Swan for a turkey is not a surprise to its butcher. Our objective should be to “avoid being the turkey.”

Taleb predicts a Black Swan will result from IT asset disposition (ITAD), but not for obvious reasons that spring to mind. Our mission at OceanTech is to ruin this prediction by raising awareness of vulnerability.

The cost of a data privacy

Data privacy concerns and environmental compliance are common worries with ITAD. Recent enforcements have grabbed headlines. Home Depot was hit with a $27 million fine for improper disposal of hazardous waste including electronics.

Being fined for dumping waste is not surprising. Nor was the consequence catastrophic. The penalty for Home Depot was slightly more than one day of profit for the Atlanta-based retailer. The cost of a data privacy class action can be catastrophic. Privacy lawsuits have a financial impact that can be much larger than environmental penalties.

Taleb says: “The impending ITAD Black Swan will come from a data privacy class action, but with a surprising twist. The surprise for the unsuspecting turkey will be the nature of the complaint. The ITAD Black Swan will not come from an isolated data security breach. The impact will result from the claim of willful neglect or the allegation of a cover-up.” Aggressive plaintiff attorneys are eager to demonstrate deep-pocketed defendants who systematically ignore regulatory requirements that put personal information at risk. As discussed in previous posts, and ITAD Reporting Gap exposes organizations to claims of inadequate safeguards and systematic negligence.

The catalyst

It is hard to predict what might trigger an ITAD Black Swan. Several different circumstances could easily cause a company’s ITAD Reporting Gap to be discovered:

  • A former employee gets caught stealing customer data using an unreturned laptop they didn’t know was missing.
  • A HIPAA investigation is launched after a disgruntled employee blows the whistle on a company’s ITAD Reporting Gap,
  • ITAD information is subpoenaed as corroboration in a broader claim of negligence.

Imagine an attorney making the following argument: “Your Honor, the defendant cannot account for thousands of computers. The defendant presumed a lost computer posed no risk. Regulatory requirements were ignored. Risk assessments were not performed. Rather than considering a lost computer a potential security incident, the defendant systematically swept the problem under the rug. The defendant is guilty of willful neglect, breach of implied contract, and unjust enrichment.”

The key point, easily discoverable information makes ITAD an easy target for an informed attorney. The wider the ITAD Reporting Gap, the bigger the exposure.

In conclusion

An ITAD Black Swan is looming but we can ruin this prediction by raising awareness of vulnerability. Executives are encouraged to rethink their approach to ITAD. Companies unprepared to demonstrate compliance with regulatory obligations open themselves up to expensive judgments.

If it turns out that Taleb’s prediction proves true, at least your company can avoid being one of the turkeys.

What is secure and compliant ITAD?

What is secure and compliant ITAD?

IT Asset Disposition (ITAD) is a vital part of the IT industry. In order to maintain a competitive edge, organizations need to constantly update their IT devices and equipment. This means they frequently have obsolete or outdated technology on their hands.

Why Proper Data Destruction Matters

Why Proper Data Destruction Matters

The process of Data Destruction is to make sure that whatever data you currently have stored on an electronic device is totally unreadable after the device has been wiped. The goal of data destruction ensures that this data cannot be recovered and used for unauthorized purposes.

IT Asset Management & why it’s important

IT Asset Management & why it’s important

IT asset recycling needs to be properly understood in order to make it easier to introduce to your organization as a “best practice.” IT asset management can be one of the most important parts of an organization’s overall strategy and provides up-to-date information to reduce risks and costs.

Stay informed about latest industry news

Pin It on Pinterest