South African authorities have warned that with the third wave of COVID-19 crashing upon the country and amidst increasing calls for schooling to be temporarily suspended, it could prove helpful for educational institutions across the country to use the time away from teaching to put some focus into protecting their data privacy.
Schools and other tertiary institutions store and process more personal information than most other organisations, they are by far the most affected by the Protection of Personal Information Act, No 4 of 2012 (PoPIA), which comes into effect on 1 July 2021.
Read also:South Africa Imposes Another Booze Restrictions as 3rd Wave Soar
In terms of the data protection laws, all private and public bodies processing personal information, are required to have implemented policies and procedures in order to be compliant. This is including bodies in the education sector.
Many of these institutions have heaps of old computer equipment lying in their storerooms. This equipment has huge amounts of data, not only on the pupils but on parents and teachers as well. This provides significant private information concerns. Reckless disposal of electronics is a huge source of illicit information and it often puts schools at risk.
Xperien ITAD specialist Bridgette Vermaak warns schools to comply by ensuring that the data on all their retired electronics is erased or destroyed according to the PoPIA regulations.
Read also:How South African Government Lost Majority Stake in South African Airways
“Deleting files is not sufficient. Data erasure and IT asset disposal have legislative requirements, compliance to PoPIA, the National Environmental Waste Management Act 2008 (NEMWA 2008), the Consumer Protection Act 68 of 2008 (CPA) and General Data Protection Regulations (GDPR),” Vermaak says.
According to legislation, schools and other tertiary institutions are required to manage the complete destruction of all data when IT assets reach end-of-life. PoPIA requires them to practice due diligence and ensure their storerooms go through the expected data erasure techniques essential to protect company data.
Schools that manage IT asset disposition internally continue to struggle with data security and proper environmental recycling. Efficient IT infrastructure life cycle management and secure IT asset disposition (ITAD) can help them maximise value at every stage of their technology investment.
IT Asset Disposal (ITAD) services have become a legal requirement; they are no longer a luxury. It is crucial to find a professional ITAD provider that can offer data sanitisation and destruction services to protect the data.
Read also:New $155m Fund For African Solar Energy Businesses, Courtesy Of AREF II Fund
Value recovery is a crucial part of the process, schools need to receive fair market value for end-of-life and redundant IT equipment. Professional ITAD service providers normally offer to purchase these assets, this includes the collection, data erasure and reporting. More importantly, most of these institutions are also missing out on the opportunity to get money back for their used IT equipment.
Schools also need to implement a data protection programme that aims at helping pupils understand their responsibilities. Children must understand the implications of unauthorised publishing of personal information and images of third parties, including all social media platforms like Whatsapp, Facebook and Instagram.
It could cause serious harm to the school, its stakeholders and its learners, concludes Vermaak.
Kelechi Deca
Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry