Certification: What Does it Mean
The destruction of confidential and sensitive information is governed by numerous laws and regulations that require the protection of confidential customer information. Therefore, proper and secure disposal of any personal or confidential customer information is highly important.
Document Shredding is all the same, right?
A common misconception runs like this: an organization hires a document shredding company (offsite or onsite); the company either is or is not certified to securely and properly shred and dispose of your documents; but once the documents are given to the shredding company, all is done and you are no longer liable. Wrong! So what happens if an information security breach occurs at the time of service, or while or after you turn over the confidential documents to your shredding service provider?
The FTC (Federal Trade Commission) Disposal Rule requires businesses to take appropriate measures to dispose of sensitive information. FACTA (Fair and Accurate Credit Transactions Act) applies to virtually all persons and businesses in the United States, mandating that “any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
Under FACTA, consumer information is defined as personal identifying materials which extend beyond just a person’s name, including:
- a social security number
- a driver’s license number
- a phone number or e-mail address
- a physical address
Liability remains with the business that obtained the confidential consumer information. If a breach were to occur at the time of service, or while or after confidential documents are turned over to your shredding service provider, the business or organization is still liable. The Disposal Rule requires that “reasonable measures” be taken when disposing of confidential information. Reasonable measures include the “burning, pulverizing, or shredding” of paper documents, for example by contracting a certified third party engaged in the document destruction business to dispose of confidential information in a manner consistent with the Act.
What does NAID Certification mean?
NAID (National Association for Information Destruction): per the NAID website, “NAID is the standards setting body for the information destruction industry. NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and unannounced audit program. This rigorous process supports the needs of organizations around the world by helping them meet numerous laws and regulations requiring protection of confidential customer information:
- FACTA Final Disposal Rule requires the destruction of all consumer information before it is discarded. Covered entities must monitor compliance of any organization contracted to destroy consumer records.
- The FACTA Red Flags Rule requires audits of data-related vendors with access to personal information of customers.
- Under HIPAA, covered entities may be subject to civil penalties for misconduct of their business associates that leads to a security breach. Working with a NAID certified vendor reduces the risk.
- Business associates of covered entities must comply with technical, administrative and physical safeguard requirements under the HIPAA Security Rule. For more information on HIPAA, see "Common misconceptions about HIPAA and data destruction."
When your document destruction process is handled by a NAID Certified member, your security measures and protocol are never the question. But the first thing you WILL be asked during a breach is, “Did you use a CERTIFIED document shredding company?” It’s your liability, your reputation, and your responsibility to protect and properly dispose of confidential client information.
You wouldn’t hire someone that wasn’t a certified accountant to file your taxes? Or would you?
Rock Solid Shredding provides customized paper and hard drive shredding services that assist businesses with complying with legislation while protecting information.
Contact them at 501.940.9900 or fill out the Contact Form.