Although CIOs are primarily responsible for the IT asset lifecycle, most executives have very little or no idea when it comes to IT asset disposal (ITAD). More importantly, very few know how to meet legislative compliance whilst reducing total cost of ownership.
Executives responsible for IT asset management need to understand the principles of IT Asset Disposal (ITAD) and they need to consider regulatory compliance and the protection of company information. IT disposal has legislative requirements, compliance to Protection of Personal Information Act 2013 (PoPI 2013), the National Environmental Waste Management Act 2008 (NEMWA 2008) and the Consumer Protection Act 68 of 2008 (CPA).
Xperien CEO Wale Arewa says they are more involved in systems analysis to determine what IT resources are required for the organisations and they manage multimillion Rand procurement budgets to maximise Return on Investment (ROI). “Considering that the largest budget is often allocated towards maintenance and support, they are prudent in selecting partners to implement maximum uptime.”
ITAD for a company with more than 5 000 assets is a major project that will involve a team of more than 100 people, split between five individual companies, several locations and many vehicles. Control is maintained through clearly defining responsibility and procedures, based on the policy.
“The implementation of an ITAD project is generally executed by management with the assistance of blue collar workers. The objectives of the organisation are bestowed on management by the executive because it is the executives that are liable to legislation, this is easily achieved by defining the ITAD policy,” he explains.
Not only is the introduction of mandatory protection of personal data a huge challenge for companies, but now organisations are being prompted to rethink how they approach the reuse, recycling or recovery of their e-waste. Xperien suggests the new PoPI Act will have serious consequences in the near future.
Arewa says auditability is paramount to maintaining this control and also provides the necessary feedback that will reduce costs, shortages and negate the whole compliance process. “For example, if a hard drive is lost during transportation, it may contain the personal information of thousands of clients or employees. The loss of personal information could be detrimental to any business, this is why it is so important to be fully compliant.”
The successful adoption of this Act will depend on a comprehensive understanding of the digital aspect of the new laws. Companies will be forced to change their processes to ensure that the personal information and data they collect is protected.
The PoPI Act is awaiting an implementation date, it will hold organisations liable for the safety of their information. Companies could face massive fines, civil claims and reputational damage claims if they fail to upgrade information technology security systems ahead of the implementation of the Act.