In a previous blog post, The Dangers of Free IT Asset Disposal: Data Security, we covered the threat posed to data security by free IT disposal. A data security breach is not the only risk you run when choosing a free IT disposal service provider however, as there are a number of legally binding industry regulations which also need to be observed when disposing of IT assets.
In part two of our ‘Dangers of Free IT Asset Disposal’ series we take a closer look at some of the regulations which govern the disposal of IT assets, and ask whether a free ITAD provider can be entrusted to comply with them.
The WEEE Directive
The WEEE, or Waste Electrical and Electronic Equipment, Directive was implemented in February 2003 to ensure that the hazardous materials in electrical equipment are handled responsibly when recycled. Specialist skill and machinery is required to dispose of electrical equipment effectively, something which a reliable ITAD provider will offer as part of their overall disposal services. The risk in using a free ITAD provider is that they will not have the means or the capability to ensure full WEEE compliance, resulting in electrical waste being dumped illegally, and you and/or your client’s data, potentially being placed at risk.
Landfill Regulations Act 2002
The Landfill Act 2002 (England & Wales) is designed to reduce the hazardous and environmentally harmful practice of landfill disposal. A responsible ITAD will operate a 0% landfill policy, and will understand the environmental responsibilities incumbent upon them in the disposal of electrical waste. At EOL IT Services, we have a zero tolerance approach to landfill disposal, and ensure all our partners dispose of electrical waste safely and responsibly.
Environmental Protection Act 1990
The Environmental Protection Act 1990 makes it an offence to dispose of litter or waste onto land or water unless authorised to do so by the law or land owner. Compliance with, and thorough understanding of, the Environmental Protection Act 1990 should be mandatory for all ITAD companies.
Lack of Environment Agency Registrations
In order to dispose of waste legally, ITAD companies must hold a Waste Carrier License. These are issued by the Environment Agency (https://www.gov.uk/government/organisations/environment-agency) and need to be renewed each year in order to maintain their validity. Without this license, a company is not legally allowed to dispose of any IT assets. In the absence of a Waste Carrier License, companies are much less likely to act responsibly in the disposal of your data, and may even resort to fly-tipping and illegal dumping, which is not only illegal but extremely harmful to the environment.
Data Protection Act Compliance/GDPR
According to the Data Protection Act 1998, it is the responsibility of each individual company to ensure complete and responsible erasure of all sensitive data when it is no longer in use. This means it is vital that the company you entrust to dispose of your data is aware of the Data Protection Act and fully compliant with its regulations. Currently, if confidential customer or employee information is accessed as a result of a data breach, this could lead to a substantial fine from the ICO of up to £500,000.
The Data Protection Act will soon to be replaced by the EU’s new General Data Protection Regulation (GDPR). When the GDPR comes into force in May 2018, companies responsible for data breaches must inform affected parties and the ICO within 72 hours of a breach and will face fines of up to €20 million or 4% of global revenue. Respectable and licensed ITADs are aware that they, as Data Processors, will be jointly liable for any data breach post GDPR and will not want to risk either the fines or their own reputational damage.
Irresponsible Resale of IT Equipment
There is a large and growing market for second hand IT hardware – especially in developing countries – and free IT asset disposal companies often cover their costs by reselling IT equipment which they are entrusted to dispose of. While there is nothing wrong with this practice in theory (reliable ITAD companies also resell and donate old IT equipment), the ramifications for you and/or your clients could be significant if the data on this hardware is not disposed of correctly before being re-sold. If the ITAD provider you have entrusted to dispose of your IT hardware fails to comply with the regulations outlined in this article then your data may very well be retrievable by the individuals whom the hardware is later sold or donated to.
Free ITAD providers often provide an unreliable IT asset disposal service, and when it comes to managing sensitive data, reliability is priceless. Before you engage an ITAD to dispose of your data ask them about their compliance with the regulations and directives outlined in this article, and request to see certifications where appropriate.
For further information and an overview of relevant environmental and legislative requirements for IT Asset Disposal please visit https://www.eolitservices.co.uk/environment-and-csr/legislation-overview/
If you have any further questions about the safe and reliable disposal of IT assets, please do not hesitate to get in touch with EOL IT Services, the UK’s most accredited IT asset disposal company. Contact us today on 0845 600 4696 to find out how we can help you dispose of your data safely and reliably.