The Data Protection Act is based on eight principles that deal with information handling which gives people certain rights over their personal information and places obligations over organizations that process that information. TraceTM e-waste solutions provide the best solution for IT recycling and disposal. More information on green computing is available at http://www.brighthub.com/environment/green-computing/articles/71375.aspx
One should ensure that the disposal of information is assigned to a person among the staff who has suitable authority to do so. Also a full inventory must be taken for all the equipment which has been marked for disposal. It is important to decide beforehand about what is going to happen to the devices that have been marked for disposal. Each method of disposal has security vulnerabilities and it must be decided carefully. It is important and necessary to delete or destroy personal data before recycling a device; this helps in making the data inaccessible from the device that is going to leave one’s ownership. Having a written contract with the data processor will ensure the proper level of security and safety of information.
Creating Asset Disposal Strategy
Personal data deletion and IT asset disposal are important and it could be added to the security policy. The following points could help in creating a strategy.
Determining the method of disposal
Deciding the fate of the devices that are no longer needed makes the disposal easier. The decision must be made on whether the device is going to be made available for reuse, destroyed or recycled. Considering the process of the removal of assets from an organization and appointing a proper person to be involved is also a necessary step.
Conducting risk assessment of the disposal process
Each method of disposal has security vulnerability and it must be considered before involving a specialist in asset disposal service or deleting the personal data by oneself before recycling it. Each method has its own security risks.
The recycled device could be donated to another user or the equipment has to be returned to the owner after the leased period has ended. In such cases, one might think of deleting the personal data by themselves before recycling the equipment. Using a specialist service provider can also be considered. Whatever the choice may be, it is important to understand the fact that personal data will be leaving the owner’s custody when the device is given for reuse or recycling and it is always better to have a risk assessment. A written record with the donor and the recipient might help secure a few things.
Identifying the device that has personal data
Most of the data would be stored on personal computers and laptops; but it is important to consider other electronic devices that could store information; electronic devices like Smartphones, fax machines, servers, printers, USB, backup storage, tablets, etc., will have information in them. If the help of specialist service provider is not taken, it is important to delete all personal data before recycling so that the data is not accessible to anyone else.