In November 2012, the ICO published a guidance document intending to “explain to data controllers what they need to consider when disposing of electronic equipment that may contain personal data”, with reference to the obligations set out in the 7th data protection principle – controllers must ensure personal data are protected by appropriate security measures.
The main idea of this guidance is that data controllers should create and impose an “asset disposal strategy” which should notably identify how the organisation disposes of IT assets, assess the risks of that process, record the IT devices containing personal data; categorise the personal data processed and assign the responsibility of this process to a sufficiently senior staff member.
Another recommendation made by the ICO is for organisations who wish to engage third party providers to dispose of their IT assets to(i)conduct a risk assessment of the intended provider to ensure it offers sufficient guarantees about its security measures, and(ii)execute a written agreement with the chosen provider. The written agreement must contain specific provisions in accordance with the 7th data protection principle.
This guidance document is thus a useful tool for organisations planning to review their IT asset disposal procedures in light of the Data Protection Act 1998.
Charterhouse Muller a Reading, Berkshire based high security IT Asset Disposal company works in excess of these principles and best practice measures. Utilising GPS tracked vehicles, Security cleared staff, CESG Certified Tabernus data erasure software, high security and vetted premises along with a fully auditable process and reporting set of procedures.
“If you are looking for a ‘white glove’ approach to your data bearing assets, you should really be speaking with Charterhouse Muller” Comments Nicola-Milsom James, Director of Operations for Reading based Charterhouse Muller.
“The value of our service is that we do what we say on the tin, all assets we handle are erased using Certified data erasure software supplied by our vendor Tabernus, any items where we are unable completely guarantee the removal of data such as IP/SIP/Voip Phones are processed through our shredders” continues Milsom-James.
There is obvious value in redundant IT equipment, however in order to save potential fines, embarrassment a proper and appropriate IT Asset Disposal and computer recycling process should be implemented.
To find out more about the Information Commissioners Office guidance for IT Asset Disposal can checkout: http://www.ico.org.uk/news/latest_news/2013/~/media/documents/library/Data_Protection/Detailed_specialist_guides/it_asset_disposal_for_organisations_20121_pdf.pdf