Not all disposal services are the same. It is vitally important that you understand that disposing of data and equipment correctly is vitally important to your organisation. There are stringent regulations surrounding both data and environmental concerns, which you need to be aware of so avoid breaches. Ignorance is not considered to be a valid defence should matters ever end up in a court of law.
1) IT Disposal Exposes Your Organisation To Significant Risk That Needs Mitigation
Somebody once compared IT equipment disposal to demolishing an asbestos-infested building in that both data and asbestos dust are invisible but carry major risk. IT asset disposal can be a minefield for the unwary because of the list of potential regulatory breaches that can occur. The physical equipment could end up in landfill illegally but still be traceable back to your company. The data could potentially leak personal details of individuals into the public domain, breaching Data Protection and GDPR regulations, not to mention providing channels for cybercrime. Penalties for breaches are extremely stiff. Mitigate the risk either by educating yourself about Best Practices or engaging a specialist IT disposal service who will guarantee and certify total compliance.
2) Exercise Caution When Considering Free IT Asset Disposal Services
Refer back to point #1. Disposing of IT equipment nowadays is an exercise in corporate risk mitigation, although it is still a necessary activity. The stakes are much higher than they were even 10 years ago. Even passing on equipment internally from one department or owner to another requires a cautious approach to minimise any data related risks. While most free disposal services in the UK are highly ethical and operate with the best of intentions, the process may be unaccountable. You do not want your equipment to be recycled in such a way that it ends up in landfill in a third world country.
3) Obtain Chain Of Custody Documentation And Certification Of Destruction
It’s not a bad idea to consider a worst case scenario and what you might have done to prevent it from happening. Evidence of having done the right thing for each critical activity is an excellent defence to put forward should an organisation be accused of negligence or ignoring a duty of care when it came to disposal of IT assets. A professional disposal company will understand what the critical activities are and will provide documentary proof that best practice was adhered to at all stages. That represents a cast iron defence against any subsequent accusations in this regard as well as a valid adjunct to the Asset Register.
4) Be Aware Of The Relevant Regulations And How To Comply With Them
These standards and regulations govern safe disposal of asset disposal as an activity and the behaviour of companies that deliver such a service. Ensure that services you may be considering comply with them.
- HMG Security Policy Framework
- HMG IA Standard no. 5 – Secure Sanitisation
- BE EN 15713:2009 Secure destruction of confidential material
- code of practice
- JSP 440 Joint Services Publication
- Data Protection act 1998
In addition, a reputable disposal service will have obtained certification or accreditation to some or all of these standards or bodies:
- ISO 9001 and ISO 14001
- Environment Agency approved Waste Removal Service
5) Understand The Techniques And Processes That Will Be Used To Sanitise Your Data
The appropriate sanitisation process that a service may apply to your equipment depends in its ultimate destination. If it is intended to be re-used or sold on, then no physical destruction should take place, Instead, the service should use a recognised and specialist system, such as Blanco, to securely cleanse all data from a device. Where disposal is required, satisfactory HDD destruction and its equivalent for other data storage media should be provided.
How To Choose The Right Service
These are some of the more important considerations when selecting an IT asset disposal service. Be aware also of additional complexities regarding mobile devices.