Fried Polar Bear or a Data Breach? You Choose?

Balance sheets do not care about the planet; that’s for sure.

Recycling costs. And it is something that irritates even big companies, even though the cost is really not huge. It is simply irritating because you are paying to throw something ‘of value’ away. Except that value has dissipated, but the budget holder see’s the cost of the new stuff and resents paying another few quid to make room for it.

We are constantly getting undercut. Either potential customers focus too much on the upfront costs and gives away a lot of resale value without knowing or maybe even caring, or they risk getting shafted by someone who will not do things properly.

Give eReco a list of stuff you intend to dispose of and we can judge the value. Not precisely, because as with used cars until you open the bonnet you cannot be quite sure, but an idea. And once we have done our stuff we like to share with our customers – as in give you money back. Not all of it of course. We have costs to cover and take on risks of our own. We put software back on where necessary and offer warranties. We clean things up, test them to make sure they are not about to explode and deliver them to their new owners. So we keep a percentage.

Some people like that, a lot. Mainly because they know they are regularly getting rid of stuff that retains some residual value. In those cases, we may agree not to charge for collection, processing and data erasure up front, but take that out before we divvy up. Our costs remain transparent but no filthy lucre changes hands at the first stage.

But most companies dispose of a mixture of stuff. Some good, some not so good. And in those circumstances collection and processing has to be paid for. If someone is not charging you for that I would be asking myself why.

However, the message we need to get across is a green one. I know a lot of people will be rolling their eyes at that comment. I have my moments too. It is why I prefer to talk about sustainability, but it is the most important issue here.

If you are getting rid of an electrical appliance with a memory function only two things count. Data security obviously and responsible disposal. Businesses pay to get rid of every other sort of waste so they have to pay for IT waste, even if it did cost them an arm and a leg once.

I am not bothered about being undercut on price. I really am quite happy to defend our costs, but I think the sustainability argument should have been won already. Then we are just left with data security and that is where the costs get cut by the unscrupulous.

Far too many ITAD suppliers are underselling themselves, and that must be either to the detriment of the environment or data security. There are no other costs to cut. So if you are making decisions on disposal based only on price, which one are you risking? Are you frying a polar bear or inviting someone to nick your database?

Risk Management, Own Goals and Kieran Gibb's Left Leg

Own goals are annoying. As Kieran Gibbs stuck out a foot and ruined my weekend on Saturday evening it occurred to me that fate was against my beloved Arsenal FC. Because even when the cross cum shot hit his errant shinbone, it could have gone anywhere. It was fate that stuck it in the far corner and shoved us on our way to ignominious defeat.

Risk management is an undervalued skill in modern business. It does tend to get lost in the general tedium of processes and procedures, all of which are really designed to prevent something. For instance, I personally loath the culture of excessive health and safety. It is ridiculous that some schools ban their pupils from playing conkers, for example. However, at the core of it all, someone is just trying to prevent unnecessary accidents. (Mind you, is there such a thing as a necessary accident?)

Any business needs to try and remove fate from the equation. ‘Management’ should never trust to luck and hope that our left back won’t bump into the goalkeeper and still be getting up when the ball is heading his way. So a lot of people in little offices spend a lot of time and money trying to avoid the avoidable. It makes sense.

We end up with procedures for everything. And most of them have a flow chart somewhere. Every option and decision has been considered and as long as we stick to the procedures everything will turn out fine. In Arsenal’s case, if our Polish goalkeeper and English left back had managed to shout at each other, thus preventing a collision, Manchester United would never have been handed a one nil lead on a plate. Dear Kieran would then not have spent the rest of the game playing as a shadow centre forward, leaving behind him a gap so huge even Wayne Rooney managed to scamper through to score a second. Yes, we let a man who allegedly looks like Donkey from the Shrek movies score. It certainly turned me a nice shade of green! (And yes, I am bitter. Very.)

The simple fact is human beings do not always follow procedures. Fate sometimes takes a hand but more often than not we think we can cut a corner here or there. Maybe to save five minutes, or maybe because we think we know best. And nowhere is this human trait more obvious than in the disposal of old equipment. (Yes, you knew I would get back on topic sooner or later, but I am not finished with Arsenal yet, believe me. Not by a long chalk.)

There are rules, laws even, and therefore there are procedures which should be followed, or should be. In big companies, and especially in any businesses which are closely regulated, such as lawyers, accountants and medical institutions, ignoring the risks is insane. But people do it all the time.

I am relatively new to this lark, but it already does my head in. Not quite as much as watching Arsenal self destruct, but it is getting there. Why would anyone risk a big fine and possible ruin by letting any old Wayne, Robin or Angel De Flipping Maria take away their old IT equipment? Of course they said they will do it properly and at the wonderful price of FREE! 

Who could resist such a deal because the only risk you have is 2% of your global turnover, severe brand damage and an extremely large dent in your own personal career!

We charge a bit for mileage plus 85p a kilo to collect assorted kit (a bit more if it is hazardous) and charge £5 per hard disk to erase all the data and provide you with all the paperwork you could ever want. More than Wayne Rooney could ever want to read that is for sure. Then, if your kit is re-saleable, we will sell it and after our costs, share the proceeds with you. That is peanuts.

So, to use a reputable, properly accredited IT recycling specialist will cost you a little bit, but you will have followed the letter of the law and have the paperwork to prove it. As Harry Potter said when he was finished with the magical marauders map of Hogwarts, ‘mischief managed’. That is risk management in a nutshell, all done and dusted.

It is what any half decent process will tell you to do. Get a decent supplier, check that they do it all properly and get it done. It’s not rocket science. So why do so many people ignore commonsense and use the first person that says they can do it for nothing?

So, do me a favour. Consider managing your own risks, regardless of your size. And if you are Wojciech Szczęsny, next time you come for a cross, please call very loudly to prevent accidents. Preferably in English so that Kieran definitely gets it...

Tea and Toast with the ICO and a Lecture from Nanny

I had breakfast with Chris Graham, the ICO, this morning.

Well, he was on TV, warning people to make sure their webcams are password protected or closed to outside scrutiny. Apparently there is a Russian website spying on thousands of webcams around the world, a community service provided just to warn all those shopkeepers and concerned parents about what a determined hacker can do.

Mr Graham made a good coherent case when he was talking about lax data security. But he lost me a little bit when he started talking about punishing the offenders. Essentially he was saying that any businesses which were lax about this sort of thing and infringed their customer’s or patient’s rights would be dealt with most severely. I got the impression that they would definitely be grounded for quite a long time. Nanny was not very amused.

The BBC moved from Chris to RBS, who have just been fined another immense sum for cocking up their computer system. Another regulator appeared to lambast the poor beleaguered bank for not understanding its IT responsibilities.

I know, it is hard to have too much sympathy for a banker. They should have the nous and the resources to get their systems right, but the big fines clearly aren’t acting as much of a deterrent and maybe the regulators and the government, who ultimately define their brief, should go back to the drawing board and try educating as well as regulating.

Data is not taken seriously. It never has been. Whenever there is a disaster, everyone gets into a right old two and eight for a day or two, someone gets fined and we carry on regardless. For a business like RBS, their IT systems and security ought be top notch, and if it is not, who is to blame? Obviously the board, who must answer to their shareholders (mostly us, as we still own 80% of it) for this fine, but the question I would be asking is which director holds the responsibility and how much clout does he have at the top table?

The answer is not much; otherwise these mistakes would not be made. None of us put data very high on our agenda, so why should we expect big business to do so? Lip service is paid to data security right from the get go, right up until those hard disks come into our sphere of influence.

Two things should be much higher on corporate agendas; data security and sustainability. The only way to achieve that is to educate people, right from the first time they get an electronic device which connects to the internet. That way, when Wayne and Waynetta buy that cot cam to keep a constant eye on little Tarquin, they will understand that a bored Russian hacker could get past their firewall and have a look at the Bob the Builder duvet.

Back in the Wacky World of Data

My journey into the sometimes disturbing world of data and business information started some eighteen years ago I suppose, and after a brief hiatus I find myself back, this time trying to get my head around the business of recycling IT equipment and making sure that no data falls into the wrong hands during the process.

This is serious stuff. The Information Commissioner will soon have the power to fine companies and organisations 2% of global turnover. My local hospital was recently fined £200k for a data breach caused when they got rid of some PC's to the wrong man. And it's not just the fine. The guilty culprits are all over the internet, there for all to see. Just type in data breach and you'll see them too...or visit the ICO's website.

On joining eReco, a fine company operating out of sometimes sunny East Grinstead in West Sussex, I have gone on the usual steep learning curve. I have learned a lot of jargon, which we will revisit when this Blog finds its feet no doubt, and I have talked to a lot of customers and prospects. I find that a good place to start, long before I know what the hell I am doing in normal circumstances, because if you ask the really dumb questions you get some surprising answers.

Now even before joining www.ereco.co.uk I knew that deleting a file in Windows did not remove the data from your hard disk. But one of the first accountants I talked to did this, and then gave his redundant PC's away to a charity. So he has given away all of his data, all his clients data, and he has not even thought about the risk to his brand, his business or his career?

Crazy, I think so.

Most business owners know two things about this subject. One, you can't just throw IT equipment away. It's illegal. And you can't take it down the dump either, that is not for business use. So it is a problem.

Secondly, everyone knows that the hard disk is another problem. We may not be sure what one looks like but we all know it is there, and that it has our whole lives on it somewhere...passwords, figures, bank accounts, everything we ever do.

So even though we have a shiny new bit of kit on our desk, we are not too sure what to do about our old friend. If we are lucky enough to work for a big-ish business someone in IT might do it for us but quite often it will end up in a storeroom somewhere. The risk is not diminished, it's just moved.

So...are you a hoarder or giving your data away for free?