How much of your personal data will go on sale as an unnecessary side effect of cost savings

We can expect hundreds of thousands more personal computers and servers being shipped to Third World Countries for “recycling” as a result of Government departments, agencies and their suppliers seeking the cheapest means of disposing of surplus kit.

How much of your personal information will be going with them?

Meanwhile the administrators of private sector organizations, including outsource suppliers, that go down are under obligation to get best value, not to meet data protection or other regulatory requirements designed for ongoing businesses.

But this is not the cheapest, let alone the best (social, economic or environmental) way.

Government and its suppliers, as well as private sector administrators and receivers can get better value by following best practice in corporate social responsibility. The BCS was economically as well as ethically correct when it said that the act of reusing and recycling unwanted IT equipment will soon become the norm, due to both regulation and an “approach of collective conscience”.

The UK charity Computer Aid International has seen a sharp increase in corporate donors interested in donating their IT equipment for social and environmental reasons. The implementation of the WEEE directive , adds to the pressure, albeit many are as ignorant of its requirements as of their responsibilities for destroy any personal data that may be stored on the machines being dispatched.

Hitting the delete button is not enough to wipe the data. Passing the system to a scrap metal dealer (however posh their title) is not enough to wipe your legal responsibilities under Data Protection legislation. 

You need to ensure you are handing the equipment to a third party who will certify complete data destruction Thus Computer Aid offers CESG approved data wiping using Ontrack Erasure, on all donated hard drives, free of charge. If for some reason they are unable to data wipe a hard drive, because there are faulty sections on it, it will then be crushed and melted down. They also have public liability insurance covering equipment as soon as it goes into their possession, as well as data wiping insurance. 

Others will give similar assurances but make sure you check their documentation, including with the issuer, because it is clear that false claims are being made. Some of those claims may be made by those whose business models include the recycling of hard discs to those with an interest in not having the contents deleted material.

Donation to a reputable and responsible charity for re-use happens not only to be cheaper and more secure but more environmentally and ethically responsible. 

In 2009 in the UK alone, around 12 million new PCs were purchased. The number of PCs being discarded in the UK on a yearly basis is in the millions. At every step of the PC’s product life-cycle carbon footprints are left behind: during the…

·         initial extraction of minerals from the environment

·         processing of raw materials

·         production of sub-components

·         PC assembly and manufacture

·         global distribution

·         power consumption in usage.

According to empirical research published by Williams and Kerr from the UN University in Tokyo, the average PC requires:

·         240kg of fossil fuels

·         22kg of chemicals, and

·         1,500kg of water, 

largely because of the complex internal structure of microchips.

In consequence, despite the lower nominal power consumption of new generation technology, reuse is still 20 times more effective at saving life cycle energy use than recycling. Donating unwanted IT equipment to a charity such as Computer Aid is thus more environmentally friendly and socially responsible as well as more secure. 

Computer Aid’s aim is to reduce poverty through practical ICT solutions. Over the past 13 years Computer Aid has provided over 175,000 fully refurbished PCs – donated by UK businesses and individuals – to where they are most needed for use in agriculture, health and education across Africa and South America.

Computer Aid asset tracks all equipment donated to the charity. This involves bar-coding every piece of equipment that comes into the warehouse (each monitor, each base unit, each laptop). This allows them to provide donors with feedback on where their equipment has been sent to, which they are then able to share with staff or use in their CSR reports other good citizenship PR.

For more information about donating computers to Computer Aid International please visit Computer Aid’s JustGiving page, call 020 8361 5540 or email info@computeraid.org

P.S. There are similar programmes for recycling equipment for use in UK schools but do make sure that these include certification that they have been cleansed to similar standards because the risk of “interesting” data being exchanged via Facebook or sold to the Daily Mail is that much greater.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

The gist of this article is quite correct in that the current press about the EU re-cast of WEEE focuses on environmental but the area of data protection is THE most important for the companies / organisations holding the assets.

The data controllers must think first about the data, than the physical asset itself. As such there are many other factors to consider to ensure your data is protected. Even the selection of the supplier used needs to look deeper than the tools being used to over write the data. Their processes and procedure, staff, physical security and verification checks are equally important as the tools being used. After all, if a hard drive doesn't make it to the bench to have CESG approved software used on it then the whole process has failed.

There are very clear guidelines in the public sector for those governed by HMG Security Policy Framework (SPF) in the form of Information Assurance Standard 5. This stipulates clear processes which need to be applied to devices depending on the data held on those devices. In some cases over writing is not sufficient and ultimately only physical destruction is acceptable.

In the private sector controls need to be put in place to manage the chain of custody from point of decommission through to the point of data safe. A failure here means the whole process is simply "best endeavour".

WEEE and Data Protection go hand-in-hand and whilst asset disposal seems fairly unimportant and straight forward to many, there are huge risks in taking it for granted and de-investing in it.

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close