It has emerged that a growing amount of computer equipment from Europe, Asia and North America is finding its way to toxic eWaste dumps throughout Afrika. One example is a computer monitor from St George Bank, which was destined for recycling in Australia being found on a toxic eWaste dump in Ghana.
In this specific example, it is worth mentioning that it is illegal to export redundant computer equipment out of Australia, that is considered hazardous waste.
“The biggest problem is the information stored in these devices. When we discard any IT equipment, we also release that information. Companies don't really know what information is stored on a specific device," said Wale Arewa, CEO at Xperien.
In South Africa, there are laws that regulate the disposal of eWaste, these include the Protection of Personal Information Act 2013 (PoPI 2013), the National Environmental Waste Management Act 2008 (NEMWA 2008) and the Consumer Protection Act 68 of 2008 (CPA). eWaste can be defined as anything from servers, storage devices, computers, tablets, phones and (if you still have them) fax machines.
Information stored on the IT equipment can lead to the loss of other information and a company's reputation can be damaged.
Apart from environmental concerns, there is also the potential reputational risk that organizations face as eWaste may contain information such as databases, personal data, private information, passwords, application IDs, links to secure websites and information, financial data, intellectual property, healthcare information and data on friends and relatives. Losing intellectual property information could result in severe revenue damage.
A possible solution to mitigate against both the environmental and reputational risk is ensuring an organization has a documented IT asset disposition policy (ITAD).
"Companies need to decommission IT devices and their contents effectively. A proper policy includes the need to control the data that is stored on the IT equipment, its disposition, removal, and transfer," said Arewa.
"You need to track your assets and ensure you efficiently use them during their normal life. This is a matter of ensuring that your investment is successful. Also, the ability to ensure that you comply with the increasing number of regulations and compliance requirements surrounding IT assets. IT asset disposal is also a concern to environmental organisations so you need an enforceable policy with standardised practices across your organisation to make this work,"
Creating such a policy means that an organization should develop a set of best practices and a framework that includes documenting all the IT assets. More importantly, an organization would need to set up policies for data destruction, asset tracking, complying with data security standards, and regulatory compliance requirements.
"Finally, use your employees to help flag violations. Also ensure that your employees know that when they do not adhere to the policy, there will be penalties," concluded Awera.
Image Credit: Wikimedia Commons