As IT professionals, we know managing IT assets throughout their entire lifecycle is crucial. It’s common to see businesses fail at the last stage of the life of an IT asset — secure disposal.
Recently Morgan Stanley experienced firsthand the importance of this lesson. Morgan Stanley was fined $60 million over this failed hardware decommissioning oversight.
So, what exactly happened?
The bank was fined for improperly handling 2016 decommissioning of two data centers tied to its wealth management business. In explanation of the $60 million fine, the Office of the Comptroller of the Currency (OCC) cited that Morgan Stanley did not properly decommission its data centers, which were full of sensitive information.
Banks, like most sensitive information industries, must effectively assess and address risks associated with decommissioning hardware that may contain personally identifiable information. Morgan Stanley failed to accurately assess the risks of subcontracting work and failed to keep required tabs on customer data being stored on obsolete devices. Worst of all, they failed to maintain an appropriate inventory of customer data stored on the decommissioned hardware devices.
What can we learn from this?
Management and proper disposal or decommissioning of old hardware are as crucial as transferring data onto your new hardware.
Whether in the financial sector, the healthcare sector, or simply a business that handles sensitive customer data, you should care about the data that lives on your old hardware. How are you protecting, decommissioning, and ensuring that the devices and their data are permanently destroyed?
IT asset lifecycle management is a core feature of a managed IT service relationship. At PK Tech, we make sure we manage your IT assets from inception to decommission, and we don’t skip steps along the way. Get in touch with our team of qualified IT professionals.