By Giulio Ricci at The ITAD Works
With the announcement by the UK Government that all schools in England will take on academy status by 2020, the way educational establishments are funded and managed will be increasingly under the spotlight over the next few years. With schools needing to take on the business ethics already used by further and higher education colleges and universities, it is vital that all education establishments properly manage their IT spending and look closely at the lifecycle of these vital assets
To protect the safety and security of pupils and staff, as well as the finances of your school, college or university, it is vital to have a full fully-managed IT lifecycle. This ensures that all the IT assets and the data held on them are properly managed and protected, from procurement to daily use and the eventual safe disposal, including (where possible) recycling to recuperate any residual value for your school, college or university.
The impact of legislation
It goes without saying that IT has taken centre stage in the education sector, not only as an academic subject but also as the tool that facilitates study and the education of pupils. All education establishments have an important duty of care for the sensitive information and data collected and used – obviously through the Data Protection Act 1998, but equally through the Protection of Freedoms Act 2012, which adds new legislation on holding personal data.
To add a further dimension to data security, the Protection of Freedoms Act 2012 also encompasses details held from biometric security systems such as fingerprints, iris or palm recognition readers. The British Educational Research Association study suggests 40% of the UK’s secondary schools and 10% of primary schools already use biometric systems, so this is an increasingly relevant and potentially dangerous area for data loss or theft.
Research by the British Educational Research Association also suggests that almost half of all schools may have an inadequate policy on data protection and information security. With the Information Commissioner’s Office (ICO) empowered to impose monetary penalties of up to £500,000 for breaches of the Data Protection Act 1998, this could potentially be a significant issue indeed.
Avoiding the risks
Data breaches, especially relating to the personal information of pupils or staff, can cause serious harm to all involved. As well as the potential financial penalties (the ICO has issued fines totally over £2.67m since 2010), the loss of trust and negative publicity can be ruinous to reputation and seriously undermine public confidence.
Overlooking your compliance with legislation on the grounds that it is overly burdensome and complicated is no defence for schools, colleges and universities. With stringent budget restraints and pressure to stretch them still further, fines are an unwelcome and unnecessary risk that needs to be avoided through proper IT lifecycle management.
Common risks to data
As well as inadequate IT protection, human error can be a key contributory factor to data loss. It’s vital that staff, pupils and parents are aware of the need to secure data as part of the data protection policy and usage guidelines. This is made even more complicated by the proliferation of information across your IT network, where modern smart devices have been a real game-changer in the way schools, colleges and universities operate.
As well as theft or loss, another major danger area for data leakage is when smart devices and traditional IT systems become redundant. From desktops and laptops to end-point devices such as smartphones, tablets and other IT devices – all have trusted links to your educational establishment’s core data systems.
Add into this mix storage media such as USB drives, which at end of life are no longer any individual’s responsibility. This is when a robust and thorough process for IT disposition is vital.
Making the most of your IT budget
Whilst protecting data is undoubtedly an important part of managing the IT lifecycle, it is equally important in retaining the best value from investments and avoiding or limiting unnecessary expense. IT systems are an important investment for the whole of their lifespan and one which your IT budget needs to realise the best ROI. Even older items are an asset and can be reassigned when newer items are added to the IT mix.
Equally, end-of-life items can also hold value for your school, college or university with the potential to recycle, re-sell or even reuse some items. However, it is vital that these items are cleaned of data or destroyed securely to ensure data security legislation is adhered to and your establishment is not vulnerable to an ICO fine.
Efficiently managing your IT lifecycle
Obviously failing to implement the right IT lifecycle policy could put your school, college or university at risk of falling foul of data protection regulations, but also you could be wasting resources if your IT expenditure is not servicing your requirements properly. Keeping a close eye on all your assets and the data stored on them is an essential consideration and will ensure your budget is providing the level of service you require.
A well-designed and managed IT lifecycle policy makes it fully possible to avoid data loss on redundant assets and at the same time to reduce your total cost of ownership. This can include data erasure, and where necessary, safely destroying the data device for complete assurance.
Ensuring secure and safe disposal of IT assets
As discussed, in many cases unwanted IT equipment can offer some return on your investment. For example, a used computer hard disk drive (HDD) can pose an obvious threat to data loss, but the rest of the machine may be fully serviceable and safe to re-use with a new HDD – or even with the original one securely erased using Government CESG approved software.
Remarketing safely erased equipment is an ideal way to recuperate value from items that are no longer required. Equally, once the data has been securely erased these items would be ideal for charitable donations, ensuring unwanted items can be reused by worthy causes whilst also saving the potential environmental impact of disposal.
However, when an item has no intrinsic value left, recycling is the only option. As well as ensuring data is safely disposed of, some legacy items harbour dangerous substances and chemicals. To avoid any further ethical or legal issues, it is wise to ensure your school, college or university adheres to current WEEE regulations and compliance – the perfect way to do this is to employ an expert disposal team who will remove any hazardous legacy items for safe disposal, ensuring environmental compliance.
Professional assistance offers peace of mind and better value for money
Lead by IT asset disposition expert Robin Gue, the company was formed in 2002. Our mission is to ensure you have a robust solution which will limit your risk of data leakage and the potential consequences from it. Additionally, we will ensure your school, college or university achieves full asset optimisation to get the full value from your equipment, as well as ensuring the safe and ethical disposal of these assets.
With strict quality controlled processes, we will ensure your data is fully contained and hardware is safely and efficiently disposed of – with compliance in terms of data protection and environmental legislation firmly at the forefront of this.
Legislation protects your school, college or university, its students and staff, so always needs to be observed and planned for. However, The ITAD Works will ensure your IT doesn’t go from an asset to a potential data security threat, whatever the legislation dictates.