Friday, 12 December 2014

Wenger’s Woes and ITAD Best Practice

Arsene Wenger is an honourable man of obvious integrity. As manager of Arsenal Football Club he has suffered from occasional bouts of short-sightedness but he is generally respected for his achievements over the last 18 years or so. But right now he is being abused by a portion of society for which there is as yet no printable descriptor.


Because Arsenal are 6th in the Premier League and in the last 16 of the Champions League. Not a great season so far admittedly but no reason to panic. But panicking is what we do best in this day and age. We can panic in 140 characters or less in a matter of seconds. We can abuse. We can call on the support of heavyweight thinkers like Piers Morgan.

There is something about our society today that looks to apportion instant blame, without assessing the facts, without waiting for the dust to settle. The ability to comment instantly, and be vile and abusive without much fear of retaliation brings out the very worst in human nature.

In my view, the media fan these flames to an intolerable degree. Almost every news program seems to include Twitter comments from ordinary people. Something is trending usually before the BBC knows what is going on and we fly off on many strange tangents until the truth emerges from the mist. Can you imagine if Twitter had been around the day Diana died? #thedukedidit

Data scares get the same sort of treatment, maybe without the tribal fury of football, but any company caught out losing or abusing data gets a proper public hanging (you were wondering how I would get this back on topic, weren’t you?). RBS were the latest example. Their IT system crashed, denying their customers access to their money, and the regulators fined them some £60m for having the temerity to make a mistake.

The comments on Social Media were as bad as Wenger. The faceless board of RBS, mostly owned by the taxpayers of this country at present, were pilloried and heads were supposed to roll. And then something else happened, or Arsenal won 6-0, and people moved on.

Which is nonsense. The whole furore missed the point as far as I was concerned, which in this particular example was in a boring little interview I heard on Radio 4. One of the experts consulted suggested that our banks are still using antiquated systems because there were serious security doubts about investing in newer stuff, and that the RBS problems were caused by the simple fact that no one knew how to fix the problem when it arose. The people who designed this kit have moved on, or retired, and the system is allegedly held together by sticking plaster.

I cannot vouch for this particular version of events but surely it merited further investigation, and those of a certain vintage with a cynical nature will admit that it has the stench of truth. But no, the media do not do much serious investigation anymore. The public attention span does not allow for it and the world had moved on. Twitter was alive with pictures of cute kittens.

Except I can’t, I am afraid. Move on, that is. I make my living out of data security and data protection needs to be on the agenda all the time. There are rules for this sort of stuff, but big business tends to comply in an offhand sort of fashion, paying lip service, doing its best to keep out of trouble but not taking the intention of the rules seriously.

If prevention really is better than cure the ICO and the banking regulators should be ensuring that the banks invest properly in a safe and secure infrastructure, not just sitting back and fining them when it all goes wrong. Ideally this sort of joined up thinking should be applied to all levels of data security and we could address some of the anomalies.

Like what, I hear you cry? Well, I will give you just one for today. Any business controlled by the Financial Conduct Authority has extra responsibilities beyond those on ordinary businesses. There is for instance a strong suggestion in their published fact sheet that hard drives should be wiped using specialist software before disposal, before the redundant equipment actually leaves the office.

Does this happen?

Well, I can only tell you this. eReco are one of only a few ITAD specialists who will send one of our teams to your office to run our software in your own secure environment. This is exactly the sort of software the FCA are talking about, and whilst it is not rocket science you need some training and not everyone can buy the software in the first place. Bearing in mind the FCA advice, you would think that our lads are out all the time, wouldn’t you?

Not so. Many of our financial customers are extremely secure, and we help them to remain so, but we have only rarely been engaged to data wipe on site. Read the FCA data fact sheet for yourself and see how many of these suggestions are being followed by companies you visit. FCA Factsheet

I am not saying these companies are taking any risks. If someone is using eReco, or indeed another reputable ITAD supplier, we take data security really very seriously indeed, right from the point of collection. It may be that the guidelines are too strict? It may be that the mobile shredders take up a lot of this business, which would be a shame as that is not the best solution environmentally. But the fact is that the rules are not being followed to the letter, even if many if not most are doing their best to follow the spirit.

In part, I think this is our fault. Not just eReco, but the entire industry. We are not strong enough at highlighting best practice. We have not effectively marketed our wares to SMEs, including selling the need for sustainability as well as data security, but also the regulators have failed to educate their members. I would like to see much clearer, unambiguous direction from the FCA, the ICO and other interested parties.

This is something we are trying to address, not least through this humble blog.