More than a third of large UK companies do not wipe data from decommissioned PCs, a study of IT disposal practices has revealed.
A third also have decommissioned computers containing data that is unaccounted for and 57% have decommissioned computers that are unaccounted for.
This is despite the fact that 68% of IT decision-makers polled by charity Computer Aid International claimed that data security is the primary concern when decommissioning IT equipment.
According to the charity, which refurbishes decommissioned computers for re-use, an estimated 75% of e-waste generated in the EU, equivalent to eight million tons a year, is unaccounted for, being exported illegally or sent to landfill and substandard treatment facilities.
Such decommissioning practices do not comply with the Data Protection Act, and have the potential to cause significant damage to UK companies as sensitive data can easily fall into the wrong hands once in the illegal e-waste stream, said Computer Aid.
"This research shows that current IT decommissioning practices in many companies seem to be resulting in every IT manager's worst nightmare - hundreds of thousands of redundant PCs containing sensitive corporate data, completely unaccounted for," said Anja Ffrench, director of communications at Computer Aid.
By not disposing of their IT properly, companies risk huge financial, legal and reputational costs and can cause severe damage to people and the environment, she said.
Improving IT decommissioning procedures is essential, said Ffrench.
Every IT manager should ensure that all their company's unwanted equipment is data wiped to CESG-approved standards and that they receive fully documented waste streams from their IT disposal service providers.
"These are essential steps in the decommissioning process and companies cannot afford the risks associated with not taking them," she said.
Computer Aid has published a guide based on the research findings that is designed to help IT decision-makers implement best practice IT disposal.