Five steps to legally compliant disposal of your e-waste
Whether you're running a small enterprise or managing a large organisation, responsible disposal of electronic waste (e-waste) should be high on your agenda. Not only is it the right thing to do for the environment, it is also necessary to comply with a range of laws that have come into force over the past few years, says Kalpesh Jivan, partner relationship manager at Tarsus Dispose-IT.
For example, the National Environmental Management: Waste Act of 2008 requires the proper disposal of hazardous materials, including electronic goods. You must either have a strategy to take electronic items, from notebooks and desktops to monitors and printers, to an e-waste recycling centre rather than simply throwing them in the bin with your other refuse, or have in place a programme to dispose of this equipment through a fully compliant specialist IT asset disposal (ITAD) company.
Then, there is the Protection of Personal Information Act (POPI), which requires the complete erasure of personal data from storage devices. What's more, tax regulations demand that you keep records when disposing of assets such as computers. Not only are there stiff penalties for businesses and directors found guilty of breaking these laws and regulations, including steep fines and possible jail time, but the King 4 Report on Corporate Governance now demands that the tracking of electronic equipment is included in the standard corporate audit process.
Here are five steps to compliance:
1. Plan for disposal as part of IT asset management
Remember to put policies and processes in place for disposal of computers, monitors and other electronic assets. If you include disposal in your life cycle planning for your IT assets, you will be able to manage the path to obsolescence and disposal in a disciplined manner. There should be a formal process in place to log the replacement and disposal of an old piece of equipment.
2. Give the job to a trustworthy team member
Keeping track of computer and electronic equipment for replacement and disposal is a major job in any sizeable organisation. It should be handled by a responsible person in the IT, admin or financial department, someone who will take it seriously. This person should be accountable for ensuring everyone in the business follows the processes and that records are kept of all disposals.
3. Secure your data
It's not unheard of in some companies, especially small businesses, to hand used equipment to an employee, their school-going child or the boss's favourite charity. But with the introduction of POPI, you cannot simply format the hard drive of the computer and give it over to someone else. It might be necessary to seek third-party help to ensure the data has been properly wiped and cannot be recovered.
4. Ensure you have a secure space for storage
It's usually more efficient and cost-effective to dispose of several pieces of equipment at a time than to ask someone to collect them separately or to deliver each item to the recycling site as it reaches obsolescence. You should make sure you have a lockable room or cabinet for storing old equipment, especially if the devices will have traces of your data on them.
5. Use the services of a specialist
Compliance with the laws and regulations governing disposal of old IT assets and destroying the data they contain is complex. Specialists in e-waste can take the complexity off your hands, collecting your e-waste and disposing of it in a safe, environmentally sound and legally compliant manner.
A good service provider might be able to offer you some cash for your old equipment, depending on its condition and value. It will also ensure the compliant erasure of data, following standards such as US Department of Defence international standards (US DOD 5220.22-M). Secure removal of data allows drives to be re-used, a more environmentally sustainable solution.
Such a company ensures the e-waste is broken down into components for recycling or re-use, thus reducing the environmental impact. In addition, the provider will be able to give you certificates of compliance so that you can prove, for example, that you disposed of a broken PC without realising any financial value or that you have destroyed personal data on your obsolete PCs and servers in a manner that complies with POPI.
Most importantly, once the certification has been issued to the customer by the responsible ITAD specialist, the risk shifts to them in its entirety. This protects the company from any possible fines, jail time, or reputational damage.