With Apple’s recent announcement of the iPhone 6 and iPhone 6 Plus, many consumers and business people will soon be standing in line for hours to be among the first to upgrade to the latest model. However, if you are considering phasing out older corporate smartphones in order to take advantage of larger screen sizes, faster processing, more storage, and enhanced features, you also need to consider the disposition process for the retired device.
Companies that have made the significant investment in corporate smartphones must take the disposition process for this technology seriously. Smartphones, like computers, contain sensitive information — information that could be devastating to your company if it left your control and fell into the wrong hands. If a leak were to occur, you also risk violating regulations like HIPAA, PCI, or SOX and exposing your customers’ financial information or company secrets to the outside world.
Because so much is at stake, there are a few issues you need to be aware of when disposing of your old smartphones to make way for the iPhone 6.
Data Erasure on Smartphones
Despite the fact that smartphones are small enough to fit in your pocket, these devices are computers. The primary difference to remember, however, is that they store data differently than most laptop or desktop computers. The majority of smartphones have built-in solid-state drives that cannot be removed. For data destruction purposes, this is significant for two reasons:
• Solid-state or flash drives require special attention in the wiping process. Standard overwriting of data on SSDs cannot be validated in the same fashion as it is on magnetic drives. This is due to the unique memory cell architecture of SSDs and the “wear-leveling algorithms” used to manage them. The data can be securely wiped, but only if you use a process specific to SSDs and to the specific mobile operating system: iOS, Android, BlackBerry, or Windows Mobile.
• Physically destroying the drive of a smartphone means destroying the smartphone itself. Used smartphones have value on the resale market, so companies that follow this method are missing out on the opportunity to recoup some of the cost incurred in the upgrade.
Secure data destruction is possible on smartphones; many mobile device management (MDM) tools have the ability to wipe data from these devices, as long as they’re connected to a network. iOS devices include an “erase all content and settings” feature that, if utilized correctly, can properly prepare an iPhone for resale. You must ensure that you have a way to document that this process was executed successfully on each handset. If your IT techs are busy with lots of projects, this may be the most challenging aspect of the process. It’s also when a device that has not been wiped could slip through the cracks and be sold with data and corporate application information still on it.
While the methods used for data erasure are different with phones and tablets than with laptops or desktops, the need for a well-planned and executed process is the same. The most important factor is to remove data in a systematic, consistent way and document the process and results. Not only does this ensure that no sensitive data falls through the cracks in the disposition process, it provides a trail of documentation in case your company ever faces an audit related to smartphone data security.
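One way to keep an unwiped handset from slipping through is to reconcile the retired-device inventory against the wipe records before anything is released for resale. The script below is an added example, not part of the original article; the CSV columns, status labels, and sample rows are constructed assumptions rather than the output format of any particular MDM tool.

```python
import csv
import io
from datetime import datetime

# Constructed sample data: retired-device inventory and technician/MDM wipe log.
INVENTORY_CSV = """serial,model,retired_on
SN-A001,iPhone 5,2014-09-20
SN-A002,iPhone 5,2014-09-20
SN-A003,iPhone 4S,2014-09-21
SN-A004,iPhone 5,2014-09-22
"""
WIPE_LOG_CSV = """serial,wiped_at,method,result,technician
SN-A001,2014-09-23T10:15:00,mdm_remote_wipe,success,tech1
SN-A002,2014-09-23T10:40:00,erase_all_content_and_settings,failed,tech1
SN-A002,2014-09-24T09:05:00,erase_all_content_and_settings,success,tech2
SN-A004,2014-09-19T16:00:00,mdm_remote_wipe,success,tech1
"""

def reconcile(inventory_csv, wipe_log_csv):
    """Return {serial: status}; only 'cleared' devices may leave for resale."""
    wipes = {}
    for row in csv.DictReader(io.StringIO(wipe_log_csv)):
        wipes.setdefault(row["serial"].strip().upper(), []).append(row)
    report = {}
    for dev in csv.DictReader(io.StringIO(inventory_csv)):
        serial = dev["serial"].strip().upper()
        retired = datetime.strptime(dev["retired_on"], "%Y-%m-%d")
        # ISO 8601 timestamps sort correctly as strings; judge the latest attempt.
        records = sorted(wipes.get(serial, []), key=lambda r: r["wiped_at"])
        if not records:
            report[serial] = "no_wipe_record"
        elif records[-1]["result"] != "success":
            report[serial] = "last_wipe_failed"
        elif datetime.fromisoformat(records[-1]["wiped_at"]) < retired:
            # The device stayed in service after this wipe, so it proves nothing.
            report[serial] = "wiped_before_retirement"
        else:
            report[serial] = "cleared"
    return report

def blocked(report):
    """Serials that must not be released until a valid wipe is documented."""
    return sorted(s for s, status in report.items() if status != "cleared")

if __name__ == "__main__":
    result = reconcile(INVENTORY_CSV, WIPE_LOG_CSV)
    for serial, status in result.items():
        print(serial, status)
    print("Hold back:", ", ".join(blocked(result)))
```

Archiving the per-device report alongside the wipe log gives the documentation trail an auditor would ask for.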
We have written previously about the need for following the proper process in data destruction and IT asset disposition. Those same lessons apply to the disposition of phones and other mobile devices. An ITAD vendor with expertise in smartphone disposition and data destruction can help you plan and implement a secure process for destroying data for an upgrade to iPhone 6, or any other mobile device.
If resale of a unit is not possible, corporate smartphones and their components must be recycled according to all federal and state environmental regulations. Again, a certified ITAD vendor is the best resource to turn to. They can help you identify resale opportunities and keep disposition of any unmarketable material within the boundaries of your regulatory and compliance obligations.
Smartphone data security and disposition are relatively new and evolving issues. To learn about the best practices developed so far for data destruction on solid-state drives as well as mobile devices, consult these white papers on our Resources page: Advances in Solid State Drive Erasure, and Wiping Data On Mobile Devices.