Newspapers and other media outlets frequently run stories about second-hand servers bought online and the sensitive data they recover from the included drives, suggesting that businesses are still not taking this danger seriously. Aside from the potential reputational and financial damage these kinds of leaks cause, those found to have breached the DPA can be fined up to £500,000, and company directors could even be sentenced to a jail term in some circumstances.
Environmental implications
The days of sending computer hardware to a landfill are long gone with environmental legislation outlawing general dumping of electronic waste. More specifically the EU’s Waste Electrical and Electronic Equipment (WEEE) directive classifies servers as hazardous waste because they contain PCB boards, a source of polychlorinated biphenyl, which can cause skin lesions, immune system problems and even acute systemic poisoning.
These firms strip server components and ensure that everything recyclable is reclaimed. They then arrange for the remaining components to be disposed of safely, issuing you with a WEEE recycling certificate to prove that everything has been recycled according to EU guidelines. You should also ensure that all drives are securely wiped using a tool to put unwanted data beyond recovery before and hardware is sent to a recycler.
The most environmentally friendly disposal option however would be to repurpose your old server, putting it to work in a role that is not reliant on processing power or RAM. Old machines are often used as backup DNS servers for instance, helping to keep mission-critical systems on line in case of an emergency whilst primary servers are repaired.
Charitable donations
Finally your business could consider donating old servers to charitable organisations who can make use of older computer hardware. Obviously the same rules about data protection still apply, but your business can avoid much of the administrative burden associated with WEEE disposal. You may even be able to use such donations to reduce your annual Corporation Tax liabilities and to meet Corporate Social Responsibility (CSR) targets.
However your business chooses to dispose of old servers, the key consideration must be to ensure that all data is securely deleted before the asset leaves your premises. Failure to do so could be extremely costly in terms of reputation damage, regulator fines and lost business; get it wrong and retiring old servers could be one of your most costly undertakings ever.
Reference: http://blog.krollontrack.co.uk/top-tips/what-to-do-with-your-old-server-equipment/