What you need to know about data protection in equipment leasing

Jun 12, 2018

Blog

Data protection is an important topic for manufacturers, distributors and resellers of equipment in today’s market. Across all industries, assets are becoming increasingly smart and connected. As a result, more data is being stored on those assets than ever before. Some of this activity-based data on the asset’s usage is probably "harmless". Personal data however, generally includes information that should not be disclosed to the outside world. Current and future data protection legislation indicate it’s vital to ensure data is adequately wiped before an asset changes hands between customers (business end-users of assets).

Methods of data wiping

(Personal) data, is in many cases stored on the asset’s built-in hard drive, which can be reused or destroyed. Data-wiping can be done in three different ways:

  • The stored data is wiped using special software (software destruction), whereby the hard drive is overwritten with zeros and ones to make the stored data irretrievable. For some assets, such as IT assets, this method is the standard procedure, as it maintains the value of the equipment.
  • The hard drive is replaced and degaussed, a technique that uses a strong magnet to wipe data from the hard drive.
  • The hard drive is replaced and shredded (physical destruction) into small pieces.

At the customer’s request, the service provider can provide a certificate that, on the basis of a serial number, confirms that the data has been wiped from the hard drive.

Data-wiping services

In the IT and medical industries, manufacturers and resellers have been offering data-wiping services to customers for years. In other markets, such as the automotive, agricultural and construction industry, data protection was never previously seen as an issue. But nowadays cars, lift trucks and harvesters all have on-board computers that capture and store data. Buyers of pre-owned cars, for example, are frequently confronted with recent destinations of the previous owner on the navigation system or from mobile phones that had been connected to the car’s Bluetooth device.

Return conditions in lease contracts often now include a clause explicitly stating that customers are responsible for data-wiping. However, many customers lack the know-how to wipe such data from the asset. As a result, manufacturers, resellers or third parties have developed data-wiping capabilities that they offer to customers as a service.

In some countries, DLL is now offering a Fair Market Value lease where the customer can choose to add IT Asset Disposition (ITAD) services into the lease. This means that at the end of the lease term DLL - by using a third party provider - will either package, transport and/or data wipe the equipment. The end-user will receive a data erasure certificate. DLL will also send the customer an environmental report if this is provided to DLL by the ITAD partner. Learn more about IT Asset Disposition (ITAD) services from our expert, Rob Ceribelli, VP of Asset Management at DLL.

 

Imaging equipment
Initially, both the operating software of the imaging machine and the patient’s data were stored on one hard drive. When the hard drive was wiped or destroyed, the operations software was gone and the equipment didn’t work anymore. Nowadays, medical equipment has two hard drives: one for the operating software and one for the patient’s data."

Practical data implications in equipment and technology leasing:

  • Assets in more "traditional" industries such as automotive, agriculture and construction are increasingly capturing and storing data on assets. This has driven demand for new data protection products and services.
  • Storing operating software and captured (personal) data on separate hard drives is recommended in order to prevent the need for new operating software in the event of the hard drive being wiped.
  • EU-based organizations that act as a "processor" or "controller" of data will be liable for any data breaches and face potential financial penalties as a result under the General Data Protection Regulation (GDPR). It is mandatory to inform customers of cases of data breach, which brings with it operational resource implications for many organizations.

Managing the impact of compliance on life cycle managementResearch and insights:

DLL’s newest whitepaper focuses on data protection as well as regulations for recycling of assets and cross-border shipments. The whitepaper examines the impact of compliance on manufacturers, dealers and resellers, making the transition to a circular business model. Get your free copy of the whitepaper now.