What to do about non-compliant old PCs

By Janice Roberts

By Bridgette Vermaak: Head of ITAD department at Xperien.

Disposing of old computer equipment used to be a mindless process, but those methods of the past are no longer an option with the introduction of new laws and regulations. The days of piling it up in storage or simply selling it off to staff or second-hand retailers or even dumping it in a landfill, are over.

CEOs should be concerned about non-compliant old PCs that are piling up in storage, especially since the Protection of Personal Information (PoPI) Act came into being. All those old hard drives usually contain vital client information and must be removed in a manner that is compliant with the Act.

Simply pushing the “Delete” button also won’t do it nor will running a magnet over the old hard drives in an attempt to erase data. Even using the old hard drives for target practice or drilling holes in them will not satisfy the prescriptions of the PoPI Act and nor does factory reset encryption.

Scores of old hard drives were recently found being sold on the street in downtown Johannesburg; they were either stolen by company insiders or disposed of by the company themselves. What the buyers were actually looking for was client data: ID numbers, credit card information, bank account details and anything else that might be of value.

Syndicates will pay large amounts of cash for hard drives. All they really want is the information, particularly from companies in the financial and insurance sectors. Last year financial services group Liberty announced a massive data breach that is reckoned to have cost millions to fix, even though no clients reportedly lost any money.

Hidden costs

Many companies are disposing of old computer equipment by putting it in storage. The problem with this is that storage costs money and then there are the insurance costs.

But the biggest potential cost is the risk of falling foul to PoPI and exposing client or company information. Simply dumping old equipment in landfill sites also doesn’t satisfy the requirements of PoPI because of the environmental risks of toxic materials in electronic waste.

The PoPI Act is designed to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way.

Blancco vice president of enterprise and cloud erasure solutions Fredrik Forslund says companies stockpile old hardware wherever they have some free space and that is driving up costs. Furthermore, many companies are still struggling to come to grips with the implications – and risks – of violating the Act.

Companies like Xperien have a track record in the refurbishment and disposal of old computer equipment in a way that is fully compliant with the PoPI Act. The safe erasure of data is carried out using specialised tools like Blancco, which is recommended by IT consulting firm Gartner as one of the most suitable tools for this purpose.

This is done either on site or removed under strictly supervised and secure conditions for off-site handling. Once the data is safely erased, the client company is issued with a PoPI-compliant certificate.

Most companies retire their computer equipment after 3 – 5 years and it typically has a residual value of 10 – 20% of the original cost. That residual can quickly devalue the longer the retired equipment is kept in storage. There are broadly three options available to companies contemplating the disposal of old equipment.

Firstly, sell the equipment outright to a company like Xperien and recover the residual value which can then be put straight back into the company’s IT budget. This would include the certified erasure of client data from hard drives.

Alternatively, companies like Xperien can refurbish the equipment and also do full data erasure. This equipment can then be sold to company staff at a reduced price that is often up to 75% of the original cost.

Finally, the company can consider donating the refurbished equipment to schools and orphanages and claim the tax benefits.



Tagged under:

Visit the official COVID-19 government website to stay informed: sacoronavirus.co.za