On a recent visit to the Sandton offices of a giant US-based company, I learned of an IT manager losing his job.
Here is the unfortunate story:
The Sales Manager of the corporate division walked over to the IT Central Support Desk (ITCSD) to collect his new Core-i5 notebook, which had just been loaded with his spreadsheets and CRM system, so very much ready to “plug and play”.
Instead of handing his three-year-old, now out-of-warranty machine back, he opted to take the option of purchasing the old device from the company at 15% of its original value, as per IT department procedure. The IT Manager enabled a guest account and left his data intact on his domain login in case he wanted to move some data over to his new device.
That evening when the Sales Manager got home, he excitedly cleaned his trusted old machine up and got it wrapped and ready to surprise his equally excited 21-year-old daughter, a third-year computer science graduate at UJ. That night at dinner, when the time was right, the Sales Manager, a 22-year veteran of the company, handed the surprise gift over to his no doubt happy daughter
As the device was partly locked on a corporate domain, her friends in class soon took on the challenge to attempt to hack into the machine. Standard process at the company was to remove all software and then reformat end of life equipment. Utilising a piece of software available free on the Internet, the student had no problem hacking in and retrieving copious amounts of confidential company info.
Unbeknownst to her, this then triggered a “data breach event” thousands of kilometres away in the Texas global IT control room, and within minutes, the CEO was notified. The South African IT manager with 22 years of experience with the firm and who had cleared the machine for staff sale, was hauled in and fired forthwith.
The key lesson here for IT Management across South Africa is that with the POPI Act scheduled to be promulgated into law in 2019, there is no more room left for error when it comes to the disposal of end-of-life IT assets: it is simply compliance or bust.
In the US, where lawsuits can run into the billions of dollars, the majority of large corporates across the length and breadth of the country outsource this end-of-term compliance (and risk) to professional IT Asset Disposal companies, which exist through the absolute necessity of protecting data in the digital world, as well as environmental liability.
Fully-compliant asset disposal
Here in SA, equally dominant IT businesses like Tarsus Technology Group have created fully-compliant IT Asset Disposal divisions to assist the IT channel as well as corporate South Africa to “sleep at night”.
To avoid the above true story happening to you, why not contact Dispose-IT for a no obligations discussion on what the service offerings of a company like Tarsus Dispose-IT could do for you and your business?
The time has never been more urgent.
Ron Keschner is a Director at Dispose-IT.