
| www.rfgonline.com | Thursday, April 24, 2003 |
PC Disposal Strategies
RFG believes many enterprises overlook and/or underestimate the growing costs associated with the retiring and disposing of PCs. Increasing security and privacy concerns add complexity to the issue of PC disposal. Additional factors including the decreasing values of used systems, the glut of used equipment, and public image concerns exacerbate the problem and add gravity to this life cycle management component. IT executives should include PC disposal in desktop system management costs, and attempt to minimize the costs and complications of disposal by incorporating these strategies into the desktop acquisition process.
Business Imperatives:
Understanding the true costs of laptop and desktop ownership, managing life cycle issues, and harnessing that information to optimize the acquisition, system distribution, and disposal process is more challenging today than it has ever been. Vendors offer various costing models to help assess the true, overall cost; however, most enterprises are conditioned to ignore these frameworks because of model characteristics including frequency of change, vendor-specific nature, and poor track records. (See the RFG Research Note "Switching PC Hardware Vendors: Understanding the Costs.") Two important considerations often neglected are the costs and risks of PC hardware disposition.
Unfortunately, the issue of PC retirement is becoming increasingly thorny due to several converging factors. First, the decreasing cost of new PCs is wreaking havoc on the used PC market, reducing and in many cases eliminating the attractiveness and value of secondary market options. Further, the sheer volume of unwanted equipment is aggravating this trend and making disposal options difficult. These factors are readily apparent in that many charitable organizations previously receptive to donations of used PCs will now only accept new systems. (See the RFG Research Notes "PC Afterlife" and "Should You Give Free PCs to Your Employees?")
Secondly, regulatory requirements, especially in the financial and healthcare industries, mandate that levels of privacy and records retention/deletion be adhered to, and guidelines will likely become more stringent. Thus, IT executives should ensure that data is appropriately retained and catalogued, or wiped from retired systems. These regulations include the Gramm-Leach-Bliley Act (GLB), Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley Act of 2002. (See the RFG Research Notes "HIPAA Privacy First Step Down A Long Path," "Sarbanes-Oxley: Corporate Governance. IT Headache?," "Privacy: An Architectural Approach," and "The Policy Side of Electronic Records Retention.")
Further, legislation outside the U.S., such as Canada's Personal Information Protection and Electronic Documents Act (Bill C-6) and the European Union's Safe Harbor Accord for the European Commission's Directive on Data Protection, exacerbates the problem. Lastly, environmental issues including tightening legislation nationally and internationally, stricter dumping laws, and the risk of potential backlash from questionable disposal practices also merit consideration.
Exposure risks from improper, poorly planned, and scattershot disposal practices are abundantly evident in many of the headlines gracing magazines, newspapers, and television. In January of this year, a group of graduate students at the Massachusetts Institute of Technology (MIT) studied the data cleansing used on hard drives in the secondary market. Of the 158 drives purchased on eBay, Inc.'s Web site for less than $1,000, 129 were functional. The students found that only 12 percent of the disks were properly sanitized. They were able to extract 5,000 credit card numbers, detailed personal and corporate financial records, and even a year's worth of financial records from an automatic teller machine in Illinois.
Beyond security and privacy, environmental safety and responsibility concerns should also be on IT executives' short list of PC disposal criteria. Rigorous American, European, and Japanese environmental legislation has forced the triad to protect their landfills from the hazardous metals used in PC components. Unfortunately, while a viable business model for reselling usable PCs or PC components is achievable for small and large companies alike, "de-manufacturing" unwanted components and harvesting raw materials including plastics and heavy metals is a complex and costly proposition. A National Safety Council report entitled "EPR2 Baseline Report: Recycling of Selected Electronic Products in the United States" finds that as much as 80 percent of computers in the U.S. are being inexpensively "disposed of" in Asian countries.
Although China, India, and Pakistan ban the import of toxic computer components for dumping, the practice has become commonplace through routine bribery of customs officials. Dumping PCs offshore using "toxic arbitrage" can cost recycling companies as much as 90 percent less than complex harvesting techniques. High levels of barium, beryllium, chromium, lead, mercury, and other toxins can be found poisoning soil and water supplies in these locales. Findings show samples containing waste levels hundreds of times higher than U.S. and European regulations allow, leading to high rates of birth defects, infant mortality, and tuberculosis.
Although enterprises rarely have direct knowledge of their involvement in offshore dumping or other illegal and environmentally unsound disposal techniques, this does not mean that those companies are immune to future prosecution or retribution. RFG believes national and international regulatory legislation will become much more stringent during the next 36 months, and that enterprises and recycling companies will need to assume increased responsibility for where components end up and how they are used. Furthermore, IT executives should be prepared for the possibility that enterprises will be responsible for ensuring systems are safely and properly recycled, even after ownership is transferred to another party.
Also during the next 36 months, RFG further believes it is likely that awareness of the hazards of PC disposal will become a widespread mainstream topic of discussion. The issue will most likely be propelled in large part by a predicted series of disturbing human and environmental exposés. Moreover, since component ownership can be traced, it is also likely that several large corporations will suffer embarrassment and image damage.
As a result, corporations will be subject to financial ramifications from consumers and in the form of stock valuation; legal penalties may also be possible. To mitigate this risk, companies are frequently offered indemnification during the transfer of ownership from enterprise to recycler. Additionally, companies will be able to purchase insurance that will protect them from such liability. But since this liability could extend for decades, the cost of this insurance could prove to more than offset the advantages of using a low cost disposer and force these companies to provide their own indemnification coverage.
IT executives evaluating PC recycling options and vendors should ensure that proper recycling processes are in place and comply with environmental, privacy, and security regulations and best practices. Further, IT executives should have someone on their team visit recycler facilities to conduct the required due diligence rather than relying solely on vendor lip service.
IT executives should consider using business application profiles (BAPs) and user application profiles as tools to aid in the development and management of effective phased PC retirement strategies. (See the RFG Research Notes "An Update On The Importance Of Business Application Profiles (BAPs)" and "The Importance of User Application Profiles.") IT executives may also wish to consider piloting those disposal/retirement strategies within IT as examples for the rest of the enterprise.
All of these complex disposal factors and the lack of a "silver bullet" strategy or vendor solution combine to leave enterprises with high exposure levels from improper PC disposition. As equipment leasing is able to sidestep the issue altogether, some corporations are opting for this form of automatic system refresh as an effective insulator. Other enterprises are very uncertain about what will happen with changing environmental, privacy, records retention/deletion, and security requirements, and assume that used machinery has inconsequential secondary value. Thus, a small but significant set of risk-averse large companies have resorted to stockpiling their old PCs to protect against future liability or public relations problems.
While effective, this level of protectionism is neither advisable nor necessary. Warehousing costs for unused systems can mount rapidly, and the enterprise is much better served eliminating the need for space and recapturing system equity through appropriate disposal. IT executives should deal with PC disposal in a manner consistent with other PC life cycle management strategies and incorporate end-of-life strategies into the acquisition process. IT executives should construct end-of-life requirement documents that appropriately address enterprise security and privacy requirements, include specifications in PC request for proposals (RFPs), and require that PC vendors provide indemnification and proof of proper system disposal.
When performing vendor due diligence, IT executives should pay close attention to each vendor's strategy for disposal and recycling of PCs and their components. Vendor models vary: some run extensive and profitable recycling/resale/reuse businesses, others operate in a money-losing fashion, and some outsource the entire end-of-life process. Some vendors have extensive refurbishing and recycling business operations, such as IBM Corp.'s Global Asset Recovery Services, which is able to optimize the refurbish/recycle decision using a continuously updated information database with global capabilities. Other hardware vendors may assume unwanted equipment; however, systems may never actually enter into their possession and instead be directly offloaded to national or local recyclers.
Those recyclers may or may not have sufficiently regimented and sophisticated processes, and may or may not be able to recapture hazardous raw materials during PC de-manufacture, recycling, or refurbishment. Recyclers lacking in sophistication may thus be compelled to sell their unwanted components to other recyclers, some of which may or may not also suffer from insufficient processes. Thus, equipment may eventually wind up in landfills either in its country of origin or offshore because of the price attractiveness of doing so. IT executives should therefore realize that indemnification from a vendor lacking proper facilities and procedures may or may not prevent future liabilities.
Vendor responses to enterprise requests for proposal (RFPs) should be weighted based on vendors' abilities to meet enterprise requirements, and the relative strategic importance and value associated with proper PC disposal. In vendor RFP responses, IT executives should request detailed vendor disposal strategies that include the criteria required in the following table.
| PC Disposal Vendor Criteria |
Source: Robert Frances Group
To provide vendors with a further sense of what is required, IT executives should deliver enterprise environmental, privacy, and security policies to recyclers, and require they be included in the contract with the vendor if it is selected. Unfortunately, these criteria may be overwhelming for those IT vendors that outsource the bulk of their recycling operations. Furthermore, evaluating these criteria and getting consistent and guaranteed processes formalized and followed becomes exponentially more difficult as the number of involved independent subcontractors rises. This is especially true for those recyclers that operate on a regional basis or are relatively small in size. IT executives should match the risks of dealing with less capable and less process-oriented vendors with potential costs of exposure, and carefully factor findings into the decision-making process.
IT executives should not overlook the financial aspects of PC disposition, and should work closely with corporate financial teams to ensure that appropriate strategies are architected. Leasing options, for instance, are a recurring operating expense rather than a balance sheet line item and must be accounted for accordingly. It is also important to understand that systems that are stockpiled rather than disposed of incur more than just warehousing costs, as idle systems can have significant impacts on the books.
Additionally, owned assets must be properly depreciated. Changes to end-of-life points will have an effect on amortization, depreciation schedules, net income, and taxes paid in a given year. Further, enterprises lacking proper disposal and tracking methodologies may also fail to transfer unused software licenses and warranty support, resulting in as much as 20 percent overpayment. IT executives should integrate end-of-life PC requirements into asset management and financial modeling tools and processes to prevent overpayment, and present a clear picture of the monetary impacts of PC disposition strategies.
RFG believes PC disposition is a critical element of an enterprise's overall PC life cycle management process. Environmental, privacy, and security requirements should be appropriately planned for in the acquisition and disposition process, and IT executives should perform rigorous due diligence on selected vendors due to the high exposure risks and costs. IT executives should align themselves with financial executives and legal counsel to ensure that acquisition and disposal strategies are optimized to maximize value to the enterprise while protecting enterprise interests and mitigating risk.
RFG Analyst Adam Braunstein wrote this Research Note. Interested readers should contact RFG Client Services to arrange further discussion or an interview with Mr. Braunstein.