UNIVERSITY of GLASGOW

IT Services
home > services > IT Services > Regulations, committees and policies > General > Computer equipment disposal policy

Computer Equipment Disposal Policy

Policy agreed by the Information Strategy Committee (ISC) - Thursday 21 February 2002

Also see Disposal and recycling of old IT equipment >>
- this explains how to dispose of old equipment, who to contact and how much it will cost

Introduction

Every computer comes to the end of its life at the University and is disposed of. There may be liabilities associated with the subsequent use of the equipment, and such systems may contain disks that hold information that is confidential; thus some care has to be taken over their disposal.

Why is it important?

When you are clearing out a filing cabinet, you consider how papers should be disposed of. Some information will have such little intrinsic value to others that it can safely be thrown in an open waste paper basket; other papers could cause some embarrassment if others found them and thus sealed bin bags may be a preferable method of disposal; other documents contain particularly sensitive information e.g. CVs or references, in which case shredding is essential.

The same considerations apply when disposing of IT equipment, especially those with disks of information and data. In particular, if any files on disk contain personal or other sensitive or confidential data then special care must be taken to ensure that this information cannot be accessed by anyone. There have been high profile cases where this care has not been adequately exercised; the Data Protection Act 1998 requires us to take these issues seriously. Also careful thought has to be given to the licensing conditions of any software that is on the disk. For example, old PCs may normally be disposed of to a third party with the original Operating System installed. However any Microsoft Office products for example must be removed in order to fulfil the licensing conditions.

In addition, the University has obligations to the person receiving the equipment in relation to its electrical safety that may represent a continuing liability (see the Electrical Equipment (Safety) Regulations 1994). Finally, there are environmental implications in dumping computer equipment (see the Environmental Protection Act 1990 (Section 34) and the Environmental Protection (Duty of Care) Regulations 1991).

Definitions

In this policy:

  • Computer equipment means personal computers and servers, plus computer peripherals such as printers.
  • The asset controller is the person in the department or faculty who has responsibility for the management of the assets of the department or faculty.
  • The custodian is the person who works with the computer on a day-to-day basis and will have a detailed knowledge of the nature of the equipment and any software or information contained in it.
Who has the responsibility?

The asset controller (who may be the custodian) of the equipment has full responsibility for ensuring safe disposal under this policy. Normally the custodian will be the person who uses it in the case of desktop systems and for servers the custodian will be the administrator. The asset controller should take advice from the custodian relating to the software or information contained in the equipment.

What is the policy?
  1. Computer equipment should normally be re-used within the University wherever possible. Re-use opportunities (eg for use by PGR students) outwith the Department should be sought if the system has an economic life but is no longer appropriate for use within the Department. Once the asset controller decides this is no longer feasible, the asset should be formally written off, (ie the asset register adjusted, and asset tags removed) and the asset disposed of in conjunction with this and other university policies.
  2. No computer equipment may be sold to any individual other than through the processes identified in this policy.
  3. No computer equipment should be disposed of via skips, dumps, landfill etc.
  4. It is acceptable within this policy to trade-in computing equipment to a supplier in part exchange for newer equipment. However, the other considerations of this policy still apply.
  5. The University will maintain one or more contracts or arrangements with companies or other organisations relating to the disposal of computing equipment. Asset controllers wishing to dispose of computer equipment must use one or other of these contracted disposal organisations, or trade it in.
  6. Where possible at least one of the contracts or arrangements should permit disposal via a charitable organisation supplying equipment to developing countries.
  7. Any charges relating to the uplift or other aspects of this policy are the responsibility of the department or faculty owning the equipment.
  8. In the case of all disposals (including any significant change of use of the equipment, eg from one department or section to another, or from staff use to student use), to comply with legal obligations the asset controller must ensure that all data with any personal details (including email and other addresses) is removed. The safest way to achieve this is by re-partitioning and re-formatting the disks. In the case of highly confidential data and sensitive personal data as defined by the Data Protection Act 1998, and/or where the computer has been used in an especially sensitive area of the University, the disk should be removed and physically destroyed by crushing. Advice on what may be classed as especially sensitive areas of the University may be had by contacting the Data Protection Officer.
  9. In the case of all disposals where the equipment leaves the ownership of the University, to comply with licences and copyright law the asset controller must ensure that all software (other than the original operating system) is removed, unless transferable software licences including original disks and documentation are supplied with the computer. The original operating system may be retained if the original certificates are available to be transferred with the machine. For the avoidance of doubt, CHEST and other site licensed software such as Microsoft SELECT software is not transferable. Re-partitioning and re-formatting the disk will effectively remove software as well as data files.