There are two main pieces of legislation affecting the disposal of IT equipment: the Data Protection Act and the WEEE Regulations.
Make sure your business stays on the right side of the law – avoid fines, loss of reputation and loss of business. The Information Commissioner’s Office now has greater powers to fine companies that are in breach of the Data Protection Act or simply are not registered with it as data processors.
Data Protection Act
Most businesses in the UK are affected by the DPA and it affects the handling, storage and disposal of data.
More details can be found on the Information Commissioner’s Office website (www.ico.gov.uk), which is full of information on data protection policies, best practice and implementation. The ICO is gaining increased powers to clamp down on data protection breaches as the number of incidents increases.
A key principle of the DPA is to guard against loss of data. Since this is most likely to happen when disposing of redundant IT equipment, our secure disposal services help businesses avoid the increasingly expensive fines that a data breach results in.
Don’t risk it, get us in to deal with any redundant equipment that is lying around.
Businesses in the UK need to comply with the WEEE Regulations when disposing of any waste electrical and electronic equipment. WEEE cannot be disposed of with general waste, dumped or fly-tipped.
This equipment must be disposed of legally and responsibly. Our Waste Transfer Notes allow customers to prove they have given their waste to a registered Waste Carrier to dispose of, allowing them to fulfil their legal Duty of Care.
Full asset tracking of removed equipment can be provided to assist with IT lifecycle management.
ISO 27001 Compliance
The secure disposal of equipment is a key control of ISO 27001 Information Security Management (A.9.2.6 – Secure disposal or re-use of equipment) and holders of this certificate need to ensure that sensitive data has been removed before equipment is disposed of.
There are many other standards and systems that require secure, certified destruction of computer data, including PCI DSS (Payment Card Industry Data Security Standard), NIST (National Institute of Standards and Technology) and HIPAA (Health Insurance Portability and Accountability Act).