Hardly a month goes by without a large company reporting a data breach and coming under fire for allowing it to happen. As the public becomes more concerned with computer security, so does every business owner or manager who routinely handles private data.
It's not just public scrutiny that makes business owners walk on eggshells; increased regulation also plays a part. Ever since May 2018, when the GDPR was implemented, there's been a major shift in data security awareness. Here's what you should know about responsibility when it comes to data security.
In legal speak, your clients, employees, and all other individuals whose data you store are called 'data subjects'. Data subjects are entitled to a portable copy of the data you collected from them on request. If, in your line of work, you mainly process personal data, then your company should appoint a data protection officer (DPO). Also, any impactful data breaches should be reported to the Information Commissioner’s Office (ICO) within 3 days.
Disposing Of Data
Discarded computing devices are vulnerable to data theft, so before you dispose of an IT asset, the data needs to be sanitised and a record of the disposal must be made. Exporting personal data outside the EU is not an option - GDPR rules strictly forbid it.
Also, shipping your computers and servers away to another branch or associate without purging the data first is against the law. It makes no difference whether the asset is resold or donated. As far as the client is concerned, if your company hasn't disposed of the data permanently, then it continues to be in your custody. This is why many organisations rely on asset disposal companies to destroy the data and the storage devices professionally.
Sourcing A Recycling Company
This is a task that falls within the remit of the IT manager, IT asset manager, or DPO - if you have one. But the overall responsibility of safeguarding the client's data is in the hands of the business owner.
Carrying Out Background Checks
Industry standards are tough. Any asset disposal company should be a Registered Waste Carrier with a Waste Management Licence from the Environment Agency and ADISA accreditation, as standard. Additional certifications, such as ISO and WEEE logos and badges, are also a must. Where possible, the business owner may be able to obtain references from associates and partners.
Budgeting For Asset Disposal
IT managers must strike a balance between minimising risk and keeping costs down. In their search for the best value-for-money solution, they may overlook safety and environmental standards, or be unaware of them, so business owners shouldn't rest on their laurels once the task is assigned. They have a duty to monitor disposal through to completion and prove it through a documented audit trail, should it be needed.
Recycling Data Storage Devices
Under Waste Electrical and Electronic Equipment (WEEE) regulations, computers are e-waste. Disposing of them in landfills is illegal due to the toxicity of their components. Penalties are enormous, and being suspected of non-compliance can seriously affect how eco-conscious consumers see your business.
Trust Us With Your Old IT Assets
Handing over the job of secure asset disposal to a reputable company gives you one less thing to worry about. If you'd like to know more about secure and effortless data disposal, please download our Guide to Mobile Data Sanitisation or contact Absolute IT Asset Disposals to discuss your needs today.