Johannesburg, 13 Jul 2015
Liability for protecting your data may be transferable, but protection of your reputation is not, says Wale Arewa, Chief Executive Officer for Xperien, Africa's ITAD architect.
ITAD is not an accreditation profession in South Africa.
The IT asset disposal industry is in its infancy, and we have no regulations of standards dedicated to IT asset management of which disposal is the last cycle. This means service providers can offer you what they like and claim it as best practice. SA's data protection law only states that "a system should be implemented and updated according to best practices". What are the best practices?
ITAD will remain unregulated because the Protection of Personal Information Act does not govern service providers. The closest thing we have to regulation is the code of ethics bestowed on members of the e-waste association of South Africa.
If you have a service provider, how transparent is it?
One would at least expect a reporting system and immediate access to the following information:
* Asset disposed;
* Asset values;
* Disposal and data destruction certificates; and
* Service costs.
There are around 50 operators in the industry offering ITAD services; they range from one-man bands to managers supplying their buddies' IT shops, printer repair and service companies, scrap metal dealers, e-waste consultants, removals contractors, and leasing companies all offering ITAD services.
There are few companies that offer ITAD as a core function, so what can you expect from professional service?
An ideal service would develop effective solutions to everyday challenges, beginning with the risk associated with data loss.
Preventing data loss from hard drive shortages is a recurring incident throughout the disposal process.
Handover of retired equipment should be immediate to avoid inevitable loss that occurs in IT storerooms; secure reverse logistics with a chain of custody should be provided for each item containing a hard drive; and daily trend reporting available on request. In the ideal world, there should be a project management system that would offer the following:
* Handover of redundant IT equipment;
* Minimise storage to prevent shortages;
* Call centre to schedule hardware collection;
* Packaging;
* Secure transportation;
* Onsite data elimination;
* Data destruction compliance certificates;
* E-waste disposal compliance certificates;
* Asset buyback; and
* Trending reporting and an audit trail.
If your service provider can deliver all these criteria with clear and transparent charges, you are on the right track. After considering a residual value that you may receive for your reductant asset, if you don't have a service provider that understands data loss, it may lead to reputational risk and you may want to ask: "Who's auditing your service provider?"
Share