Ensuring compliance with Renew IT

Premier Sustain’s Renew IT provides a secure, sustainable and compliant clearance service for redundant IT and electrical equipment.  We ensure that security is always paramount and that we operate in compliance with all EU and UK legislation.

Data falling into the wrong hands can damage corporate reputation and result in financial loss as well as causing distress to the persons whose data is involved.  At the same time, managing redundant IT and electrical equipment conscientiously provides a great opportunity to demonstrate brand leadership and corporate social responsibility through the social and environmental benefits of reuse whilst saving money from disposal costs.

Data bearing devices

A wide range of IT and electrical equipment contain data that needs to be destroyed when the items become redundant, this includes:

  • Laptops
  • PC base units
  • Servers
  • USB sticks
  • Memory cards
  • Digital cameras
  • Mobile phones
  • MP3 players
  • Disk arrays
  • Tape drive
  • Routers
  • Switches
  • Printers
  • Copies
  • Faxes
  • Multi-function devices PDAs
  • CDs
  • DVDs
  • Tapes
  • Floppy disks
  • CCTV tapes
  • Digital video recorders Smart cards
  • Mobile phones
  • SIM cards

It’s always worth checking: Have tapes, CDs or DVDs been removed from drives?   Has headed paper been removed from paper trays?  Have laptop bags been emptied?

Relevant legislation

  • When disposing of redundant IT and electrical equipment, organisations are bound by data protection and environmental legislation, principally in the following areas:
  • Data protection The Data Protection Act 1998 controls how personal data is stored and used, and applies to anyone who holds data that can be used to identify a living individual. The UK Data Protection Act 1998 is superseded by the General Data Protection Regulation which will apply in the UK from 25th May 2018 and imposes tighter restrictions on controlling and processing data as well as greater penalties for breaches.
  • Waste duty of care Section 34 of the Environmental Protection Act 1990 states that all organisations that produce waste (including WEEE) have a legal responsibility to ensure that they produce, store, transport and dispose of it without harming the environment. This duty of care applies from when the waste is produced until it has been received by a business that is authorised to deal with it.  The business receiving the WEEE must have an appropriate Waste Carrier’s Licence if they are transporting the waste, and an appropriate environmental permit or exemption for the site(s) to which the WEEE is being taken.  Read DEFRA’s waste duty of care code of practice.
  • Waste electric and electronic equipment (WEEE) The WEEE directive and corresponding regulations aim to reduce the quantity of waste electrical and electronic equipment produced and increase its reuse, recovery and recycling. Under these regulations, the obligation broadly lies with producers of electrical and electronic equipment for ensuring that WEEE is treated and disposed of in an environmentally sound way.  If a business that generates WEEE does not use a producer take-back scheme, that business is obliged to dispose of its own WEEE in line with the waste duty of care outlined above.
  • Hazardous waste Some waste electrical and electronic equipment (WEEE) is classified as hazardous waste, including that which contains hazardous components or substances such as fluorescent tubes, nickel-cadmium batteries, and cathode ray tubes.  Waste is considered hazardous if it is harmful to humans or the environment and as a result, strict controls apply from the point of its production, to its movement, management, and recovery or disposal.  Check the Government’s list of WEEE which may be classified as hazardous.
  • Transfrontier shipment of waste These regulations govern the movement of recyclable materials across borders. They relate to non-hazardous (‘green list’), waste which can legally be shipped for recovery between any OECD (Organisation for Economic Co-operation and Development) countries (waste for disposal and exports of hazardous waste are largely not permitted).  Transfrontier shipment is strictly controlled and requires prior notification and written consent from the environmental regulator for the country from which the waste is being sent and the environmental regulator for the country where the waste is being received.

Determining data destruction requirements

Each organisation is responsible for its own data security and determining the damage a data loss would cause, not only to themselves but to individuals and the country.

The National Cyber Security Centre provides guidance to help organisations identify the impact of data loss and the appropriate level of destruction required for data bearing devices.

Data destruction with Renew IT

To ensure clients meet their legal requirements and to help them protect themselves, Premier Renew IT carries out the following data destruction services:

  • Data erasure At Renew IT, data is erased using Blancco 5 which is certified by the National Cyber Security Centre, the UK Government’s National Technical Authority for Information Assurance. Blancco 5 meets the highest security specifications detailed in the HMG InfoSec Standard No: 5 data destruction standard used by the British Government, delivering secure sanitation of all data.  All data is subject to overwriting followed by verification to assure that the data has been erased.      Where a data bearing device is faulty and cannot be erased, we physically destroy the item by crushing them and send the damaged data bearing devices to downstream partners for shredding and material recovery (see below).
  • Shredding/ disintegration Shedding, otherwise known as disintegration, uses specialist industrial shredding equipment to cut and/or grind data bearing devices into small particles, the size of which depends on security requirements. Premier employs trusted partners for data shredding either at clients’ sites or our own sites.

Protecting our clients and their assets        

As well as providing comprehensive data destruction services, Premier takes the following steps to protect our clients and their assets:

  • Liveried, tracked vehicles Premier employs a modern fleet of liveried and tracked vehicles to ensure the secure transportation of your assets, with air-ride suspension and the use of specialist protective packaging for added safety.
  • Security-cleared staff Our staff are all security-cleared to an appropriate level for the activities they undertake and carry security passes that give them access to the necessary areas of our building. The Renew IT Suite is only accessible to staff with relevant security clearance and passes.
  • Safe and secure storage Offering extensive storage facilities to our clients, Premier operates from secure sites with 24/7 on-site security and CCTV. The Renew IT suite has its own dedicated secure storage area for clients’ IT and electrical assets.
  • Trusted delivery partners Premier works with trusted delivery partners to provide specialist services such as shredding and recycling. These partners are extensively vetted and appropriately accredited (for example our data shredders operate in accordance with BS EN 15713 destruction of confidential information standard).
  • Full audit trail On completion of every Renew IT project, we provide our clients with a full audit trail which includes data destruction certification for all data bearing devices, itemised report with all corresponding asset serial numbers, asset tags and asset specifications as well as waste transfer notes and consignment notes for WEEE recycling.
  • Comprehensive insurance We are comprehensively insured to give our customers complete peace of mind.