Recycling & IT Governance

August 2006
Tom Cleary BSc MACS PCP CISSP (#69441), Security Architect, Member of ACS Governance of ICT Committee

Picture the scene: the teenager turns from reading an online news site and says, with a smile, “Told you I should have taken care of those old machines for you, Dad!” The father leans over the boy’s shoulder and reads how someone has gained access to his employer’s private data, data which should have been tightly controlled. What should he do?

The answer to that question is frequently felt to be “Call in the IT guys and give them a good roasting.” But that answer crumbles to nothing before your eyes.

If you examine some of the Federal cases in similar legal territory (cases relating to the dumping of toxic waste, for instance), the person hired to dispose of the material is often not the one held liable for the damage caused, because waste is often traceable to its source, and the source is the owner.

So, following the guidance in AS 8015-2005, the Australian Standard for “Corporate Governance of Information and Communication Technology”, you can make someone responsible for an activity, but you cannot delegate accountability for it: even if the mistake is not directly yours, you still carry the can for the consequences.

That accountability is spelled out under Principle 4, “Ensure ICT performs well, whenever required”, which advises Directors that they should “monitor that assets are decommissioned and disposed of in accordance with environmental and data management requirements.”

Most recycling efforts in Australia involve some ethical consideration. Whether “for profit” or a charity, they have someone with a clue to handle the process. (Maybe there is a link with the fact that most of them subsist on Free/Open Source Software, F/OSS?) Not that the biggest in the industry are lagging: Microsoft is also actively working to ensure our industry takes its responsibilities seriously.

But tangible evidence exists to demonstrate that, generally, the process has holes; see the forensics paper at http://scissec.scis.ecu.edu.au/publications/forensics04/Valli-2.pdf.
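The “monitoring” that Principle 4 asks of Directors has to bottom out in someone actually checking that data has left a machine before the machine leaves the building. As an added illustration, not part of the original article, the following Python scans a raw disk image sector by sector and reports residual data: sectors that are not zero-filled, and any well-known filesystem or document signatures that survive. The sample images, the signature list, the function names and the `/dev/sdX` usage hint are all constructed for this example.

```python
"""Residual-data check for a decommissioned disk image (constructed example).

Run it against a raw image (dd output) or, as root, a block device such as
/dev/sdX (assumed path) before the drive is released to a recycler.
"""
from collections import Counter

SECTOR = 512

# Constructed list of signatures that should never survive a proper wipe:
# (offset within the sector, magic bytes, label).
SIGNATURES = [
    (0x1FE, b"\x55\xAA", "MBR/boot sector signature"),
    (0x03, b"NTFS    ", "NTFS boot sector"),
    (0x36, b"FAT1", "FAT12/16 boot sector"),
    (0x52, b"FAT32   ", "FAT32 boot sector"),
    (0x00, b"%PDF", "PDF document"),
    (0x00, b"PK\x03\x04", "ZIP / Office document"),
    (0x00, b"\xFF\xD8\xFF", "JPEG image"),
]


def scan_image(data: bytes, sector_size: int = SECTOR) -> dict:
    """Walk the image sector by sector; count non-zero sectors and known signatures."""
    total = (len(data) + sector_size - 1) // sector_size
    nonzero = 0
    found = Counter()
    for i in range(total):
        sector = data[i * sector_size:(i + 1) * sector_size]
        if not any(sector):          # all zero bytes: nothing to look at
            continue
        nonzero += 1
        for off, magic, label in SIGNATURES:
            if sector[off:off + len(magic)] == magic:
                found[label] += 1
    return {"sectors": total, "nonzero_sectors": nonzero, "signatures": dict(found)}


def scan_file(path: str, sector_size: int = SECTOR, chunk_sectors: int = 2048) -> dict:
    """Same report for a file or block device, read in 1 MiB chunks so large disks fit in memory."""
    totals = {"sectors": 0, "nonzero_sectors": 0, "signatures": Counter()}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(sector_size * chunk_sectors)
            if not chunk:
                break
            part = scan_image(chunk, sector_size)
            totals["sectors"] += part["sectors"]
            totals["nonzero_sectors"] += part["nonzero_sectors"]
            totals["signatures"].update(part["signatures"])
    totals["signatures"] = dict(totals["signatures"])
    return totals


def verdict(report: dict, zero_fill_expected: bool = True) -> str:
    """Turn a report into a release decision.

    A pattern or random overwrite leaves non-zero sectors but no signatures, so
    set zero_fill_expected=False when that wipe method was used.
    """
    if report["signatures"]:
        return "residual data"
    if zero_fill_expected and report["nonzero_sectors"]:
        return "not zero-filled"
    return "clean"


# --- constructed sample images standing in for real disks ---------------------

def build_sample_unwiped() -> bytes:
    """64-sector image with an NTFS boot sector and a PDF fragment left behind."""
    img = bytearray(64 * SECTOR)
    boot = bytearray(SECTOR)
    boot[3:11] = b"NTFS    "
    boot[0x1FE:0x200] = b"\x55\xAA"
    img[0:SECTOR] = boot
    doc = b"%PDF-1.4\n% constructed sample document for the example\n"
    img[10 * SECTOR:10 * SECTOR + len(doc)] = doc
    return bytes(img)


def build_sample_zero_wiped() -> bytes:
    return bytes(64 * SECTOR)


def build_sample_pattern_wiped() -> bytes:
    """Single-pass 0xA5 pattern wipe: no data left, but nothing is zero either."""
    return b"\xA5" * (64 * SECTOR)


if __name__ == "__main__":
    for name, img in (("unwiped", build_sample_unwiped()),
                      ("zero-wiped", build_sample_zero_wiped()),
                      ("pattern-wiped", build_sample_pattern_wiped())):
        rep = scan_image(img)
        print(name, rep, verdict(rep), verdict(rep, zero_fill_expected=False))
```

The point of the `verdict` split is the one most often got wrong in practice: a disk full of random bytes is not evidence of a wipe unless you know a random-overwrite tool produced it, and a disk with a single surviving boot sector fails regardless of how many zero sectors surround it.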

And if some glitch in the disposal process leads to an HGE (Headline Generating Event), whether through identity theft or some other unforeseen disclosure, having taken the available guidance seriously beforehand and done something active about it, such as investing in the appropriate conformance measures, will be seen as a wise investment down the line.

Sure as eggs is eggs, anything that does slip through the measures in place can be tracked to its source, and those who chose to do nothing to prevent HGEs will be held accountable.

Somewhere on the horizon there is legislation which will force Australian organisations to take a more proactive view of recycling initiatives, whether modelled on the Canadian scheme, where a levy is paid on every item purchased to make sure the costs of disposal are met, or some other uniquely Australian approach.

And as with the physical problems of recycling, such as disposing of hazardous materials, the owner will pay, one way or another.

The liability vulture is coming home to roost on the shoulder of companies which refuse to look at the problem while it is still small and manageable.

Chernobyl? Maybe not. But wouldn’t your company rather pay dividends than fines or damages?