Resource Recycling: Repair Community Talks Mobile Devices

Excerpt from the Article

How data security plays into the repair shop environment

Data security plays into the ITAD process in obvious ways, with the need to protect businesses’ sensitive information during the asset retirement and redeployment process. Some of those translate over to consumer-facing repair shops, but there are also unique needs.

For instance, one basic security question is how to validate that the person getting a phone serviced is the person who owns the device. That’s particularly important when it’s a customer who is coming in to get data recovered off a locked or broken device.

It can be a sensitive issue that raises ethical questions, with possibilities like vindictive exes wanting info on a former partner’s discarded phone or family members of a deceased person wanting to access their Bitcoin wallet. 

Mike Cobb, chief information security officer at Novato, California-based DriveSavers, said his company deals with this almost daily now, and DriveSavers’ standard practice is to send the customer a DocuSign form, where they sign a statement guaranteeing that this is their property. The company can cross-reference that with the name on the phone, which can be somewhat informal verification.

“It’s becoming apparent we need to take more steps on that, but it’s difficult,” Cobb said, especially because his company gets more than 60,000 calls per year from customers wanting data recovery. Docusign is something his company is “more and more going to do in any type of data recovery.” And adding that step may send a message to bad actors not to work with his shop, he said.

It’s worth it to add protocols like that, because one lapse in security protocol “could very well be the end of your business,” said Chris Bross, president of consulting firm TierraByte. 

Read more at https://resource-recycling.com/e-scrap/2024/10/24/repair-community-talks-mobile-devices/