Many retailers continue to behave badly when it comes to their IT equipment and waste disposal practices. Proper management of e-waste would have spared millions of dollars in fines and a hit to their image and reputation for those who have recently been caught doing the wrong things. While several of them have settled with Californian courts, their troubles will not end there, since reputational risk takes a long time to fix. So why are retailers so willing to turn a blind eye to proper disposition procedures when the risk is so high?
By now you must have seen the news story about Home Depot reaching a $28 million settlement with Alameda County over its disposal practices involving, among other things, electronic waste. Most the fine will be paid out in the form of civil penalties. The case goes back to the 2013-2015 period when the company trash compactors in some 31 stores were found containing hazardous waste, and even customer data. eScrap News reports that prosecutors alleged that hundreds of Home Depot stores and distribution centers in California “were routinely sending hazardous wastes to local landfills not permitted to receive them and putting sensitive customer information at risk of exposure.”
But wait, California has gone after other retailers who were alleged to have done similar things. Our good friends at E-Scrap News have done a great job inventorying a list of companies that have been facing the California justice system for the exact same offenses. In the list, it is striking that retailers are the number one problem makers. One of the cases involves a settlement forcing 57 AutoNation dealerships and collision centers to pay $3.4 million. Just like in the Home Depot case, inspectors found hazardous waste, including illegally disposed IT equipment inside the service departments of several AutoNation sites.
Last year, dozens of California District Attorneys announced a settlement with another retailer, Big Lots Stores, Inc., in which a court ordered it to pay more than $3.5 million in civil penalties, costs, and supplemental environmental projects. Just like the other cases, the company was found improperly disposing of hazardous waste, including electronic devices and other e-waste. The authorities said that “Big Lots employees disposed of hazardous waste in ordinary dumpsters bound for local landfills unpermitted to accept the waste, rather than having the waste lawfully transported to authorized hazardous waste facilities.” Another retailer found in breach of environmental laws in California is Dollar General.
So the question then is why are retailers so apparently out of line with proper environmental practices when the cost of breach is so high? And what do they say at the corporate level? There is the obvious answer as to the why, although it is not a sufficient reason to justify a lack of proactive attention: retailers with brick-and-mortar sites have a bigger environmental bar to jump because of their physical footprint when compared to other sectors. And managing all of that is not easy. Obviously if you are a large retailer, you have a bigger geographical presence, and it is easier for state or county environmental inspectors to show up and verify what’s going on. California being the most advanced enforcer of environmental code in the United State, it’s no secret as to why all these cases are dealt with by Californian courts.
Ironically, retailers happen to outperform other sectors in specific areas of ITAD (IT asset disposition), and tend to do worse in other areas. Their strength is their recognition of the problem. Their weakness is poor execution, as a result of lack of money and poor organizational structure. I can summarize that by the following: Retailers are fully aware of the problems they can be facing if found in breach of environmental laws, and want the help from ITAD companies. But they have two problems: they are incredibly cost sensitive, with very little money to spare, and cannot figure out a way to structure their ITAD programs in a business that has so many decentralized and geographically spread retails units. These units that are running their own show, often operate out of reach of corporate compliance. These are two big problems that some savvy ITAD companies can help solve.
In our most recent survey of the business sector in the US, we spoke to 31 of the largest retailers in the country, including one pharmacy chain. Ironically, but perhaps not surprisingly, considering their geographical footprint, half of the companies reported “environmental concern” precisely as a key reason for their decision to outsource PC client disposal. Environmental concern is the same rate as data security concern, a figure that surpassed those of other sectors. For example, environmental concern when disposing of PC clients as a reason to outsource was reported by 24% of the companies operating in the financial sector, and 28% by healthcare institutions. Again, it seems possible that the geographical spread of mass retailers make them, at least in theory, more aware about their environmental position. The figure nears 60% of the retailers when it comes to handling point-of-sale terminals (POS). Obviously the retailers do not want to see these devices ending in places where they could be facing big liabilities, a it keeps happening in California.
Our research finds that while 70% of US enterprises outsource their ITAD function to third-party professionals (and that’s what always advocate), we found that of the 31 large retailers we research, 81% hired professional companies to outsource their ITAD function. Only 19% of the retailers say they do not outsource, versus 30% for the entire US enterprise base. That’s a commendable figure, and one that hints that retailers are aware of the consequences of poor practices, but perhaps are unable to fully control what their individual units at the store level are doing. In the case of Home Depot, the problem was not just a store, but an entire region. The issue here for Home Depot is not just about bringing specific stores in line with best practice, but to get their regional leadership understand the consequences on non-compliance. This is, after all, a top-to-bottom mandate, that also requires willingness to execute at the bottom.
The figures listed above may seem in contradiction with the recent Californian court rulings, but not really. Most of the reported legal cases took place post-2015, generally between 2013 and 2015 when the retailers were caught red handed. Our research began after 2015 and since then, practices have undoubtedly improved since then. And mentalities have evolved since.
But is outsourcing good enough to say that a company is doing the right thing? The data suggest that’s not the case, because outsourcing to professionals is only one of the many venues that companies chose to dispose of their assets. It is possible that an ITAD professional firm is used for the disposal of a retailer’s datacenters and PCs/servers in the corporate HQ and regional offices, but not for the disposal of equipment such as POS and terminals from within retail stores. In fact, 27% of our retailers were honest enough to report that they also engage in IT equipment disposal via waste. So here while many companies say they use third-party professionals, they happen to also dump their electronics in waste. Not just that, but they also resell directly to employees and gift assets to charities without the support of professional ITAD companies.
So yes, retailers can do much better. There are several shortcomings in their approach to ITAD. Of the retailers that do not outsource ITAD, most report ITAD cost as being too high. Cost appears to be less of an issue for financial and healthcare institutions, but retailers appear more sensitive to it. IT Departments in the retail sector tend to be the overwhelming function in charge of ITAD’s day-to-day operations, reported by 82% of the retailers, versus 72% for the entire enterprise base. There is a problem in this situation in that IT Departments tend to be centralized functions residing in corporate headquarters. Retail IT departments tend to be less in touch with the brick-and-mortar stores, allowing breaches to happen without having the ability to perform an oversight function. IT department staff surely cannot be in all AutoNation collision centers, so Corporate Compliance must be focused on creating rules of engagements, and associated structures, organizations and practices that would direct the collision center managers and staff to follow proper procedures.
Because of these breaches, there is likely to be an awakening of sort among retailers, although it is unlikely to be sudden. Transformations on environmental practices and the introduction of new rules will be progressive and will require two problems to solve: retailers must be willing to set aside a disposition budget that address the geographical footprint problem. I assume the California court cases would act as an eye-opening moment to convince management to set aside proper resources. From an organization standpoint, there is a lot to be done. The distributed nature of brick-and-mortar retail will not change, but management needs to adapt. Although proper practices begin with top management awareness, creating structures that trickle down to local stores must a priority, and compliance officers must be at the forefront of pushing such movement to take place.
For retailers looking to shield their bottom line and identity against such risk, the journey begins by identifying the proper ITAD service provider to help. There are some good choices out there of companies that could help you put together a comprehensive program that could, at least, up your standards of practice and oversight. At the end, an ITAD vendor will not fully shield you against malpractice, but it is a required first step.
For ITAD vendors, these various court cases in California are a fantastic opportunity to showcase your ability to deliver a product/service that an entire industry needs. But here’s the issue: you must have a very retail-centric go-to-market approach to presenting yourself to retailers. Your sales pitch that focuses on the concept that “we have the best data security and environmental practice,” is surely outdated and no longer enough to differentiate yourself with your competitors. And if that’s the case – that is you’re the best – you must demonstrate it. At the end, you must speak the same language as your prospective retail client, or any other type of client. That means you must be willing to revisit your sales and marketing strategies, and be willing to make changes there as well.