Ensure safe, private and ecologically sound system end-of-life.

Identify responsible disposal priorities
Create protocols to eliminate e-waste (ecologically responsible hardware disposal).
Validate & verify the wiping and/or overwriting of drive data upon decommissioning – and ensure models are not reused without consent of data subjects.
Protocols for ensuring that the disposal of data, models, etc. or physical devices, don’t create an attack surface.
Track compliance of impact assessments
Data end-of-life best practices
- Disposal and decommissioning protocols
  - Hardware
  - Expunging server data
  - Expunging hard drive data
  - Retiring models
  - Expunging data fields with PII in relevant software
- Physical device destructions
  - Ensure that servers, hard drives and other sensitive information is erased and/or overwritten
  - Ensure all PII is expunged
Legal compliance
- Compliance with data privacy laws for PII in all jurisdictions
- Compliance with e-waste statues

For regulators / policy makers

Enforcement mechanism to compel compliance
Governance of how impact assessments are fulfilled through end-of-life stage
Enshrine data end-of-life best practices
1. Disposal and decommissioning protocols
  1. Hardware
    1. Physical device destructions
    2. Ensure that servers, harddrives and other sensitive information is erased and/or overwritten
    3. Third party audits of hard drive data
  2. Server-side
    1. Server data
    2. Retiring cloud-based models
  3. Ensure all PII is expunged
    1. Protocols for expunging data fields with PII in relevant software, databases, ML models, harddrives, cloud architecture
Legal compliance
1. Compliance with data privacy laws for PII in all jurisdictions
2. Compliance with e-waste statues
Further reading:
1. Privacy Law Reform - A Pathway to Respecting Rights and Restoring Trust in Government and the Digital Economy
  1. 2018-2019 Annual Report to Parliament on the Privacy Act and the Personal Information Protection and Electronic Documents Act