PwC Report: Critical infrastructure and the e-waste data security threat

As more systems become digitised, it’s important to consider how to securely dispose of e-waste and the valuable data they hold. There are significant risks posed by unsanitised e-waste, and poor sanitisation and destruction practices are widespread. Urgent action is needed to ensure that Australian organisations securely dispose of redundant devices. The paper proposes two key recommendations: amending the SOCI Act to make secure disposal an obligation under CIRMP rules, mandating that critical infrastructure entities follow the Information Security Manual (ISM) and engaging a NAID AAA certified supplier for IT disposals. It also recommends providing specific guidance to organisations captured by the Privacy Act to ensure their e-waste is securely sanitised or destroyed, again pointing to the ISM and NAID AAA certified suppliers.