< All Topics

What are the requirements for data security and destruction under the e-Stewards Standard?

A: The e-Stewards Standard recognizes the critical importance of data security and privacy in the
management of electronic waste. Certified recyclers must implement robust processes to protect
customer data and ensure the secure destruction of data-bearing devices. Key requirements for
data security and destruction under the e-Stewards Standard include:

  1. Data security policies and procedures: Certified recyclers must develop and implement
    documented policies and procedures for the secure handling, storage, and destruction of
    data-bearing devices.
  2. Physical and electronic security controls: Certified recyclers must implement appropriate
    physical and electronic security controls to prevent unauthorized access to data-bearing
    devices and protect against data breaches.
  3. Employee training and background checks: All employees involved in the handling of
    data-bearing devices must undergo appropriate training and background checks to ensure
    the protection of customer data.
  4. Data sanitization standards: Certified recyclers must use data sanitization methods that
    meet or exceed current industry standards, such as NIST 800-88, to ensure the complete
    and irreversible destruction of data.
  5. Verification and documentation: Certified recyclers must verify the successful
    sanitization of data-bearing devices and maintain detailed records of all data destruction
  6. Downstream due diligence: Certified recyclers must conduct due diligence on
    downstream vendors involved in data destruction activities to ensure that they are
    properly licensed, permitted, and capable of managing data-bearing devices securely.
  7. Incident response and reporting: Certified recyclers must have documented incident
    response plans in place to address potential data breaches and must promptly report any
    data security incidents to affected customers and regulatory authorities.
    As of July 1, 2022, e-Stewards certified recyclers will be required to hold NAID AAA
    Certification for data sanitization and destruction services, further enhancing the program’s data
    security requirements. By prioritizing data security and destruction, the e-Stewards Standard
    helps to protect consumers, businesses, and the environment from the risks associated with
    electronic waste.