NAID AAA Certification: The Gold Standard for Secure Record Destruction

Melanie Martinez, Content Marketing Specialist

Most companies understand the importance of properly storing sensitive documents to protect them from unauthorized access. Failing to take document security seriously can result in costly data breaches, reputational damage, and non-compliance fines.

However, the importance of destroying those documents is often overlooked. Just as sensitive records must be securely stored while in use, they must be properly disposed of at the end of their life cycle.

Partnering with a reputable information management company helps ensure that documents are disposed of securely and in compliance with state and federal privacy regulations. But how do you know which vendors are qualified to handle your employees’ and customers’ most vital personal information?

That’s where a NAID certification comes in.

What is NAID Certification?

The International Secure Information Governance & Management Association (i-SIGMA) sets and enforces standards for data destruction and records management service providers. Recognized internationally by both the private sector and government organizations, i-SIGMA maintains the most stringent and widely recognized certifications for data security and vendor compliance, including NAID AAA Certification®.

The NAID AAA Certification® verifies a destruction company’s compliance with the complex web of government regulations surrounding information security. Companies that choose to work with a NAID AAA certified destruction vendor can feel confident that they have met their regulatory due diligence requirements.

“By using a NAID AAA Certified company to destroy your information, you are performing your due diligence in selecting a vendor, which is required by all data protection regulations,” says Katie Mahoney, former Director of Certification for i-SIGMA.

How Companies Get NAID AAA Certification

Meeting NAID AAA certification requirements isn’t simply a matter of paying a membership fee and attending a seminar. To become NAID AAA Certified, data destruction companies must undergo the following:

  • Scheduled inspections by NAID certification auditors to assess the security of confidential material throughout all stages of the destruction process, from handling to storage to disposal.
  • Unannounced audits to ensure ongoing compliance.
  • Extensive, three-level background screenings to verify that no employee has a criminal record related to information theft.

If a company is discovered to be non-compliant, the Certification Review Board institutes remedial training. However, repeat violations and serious infractions result in dismissal.

“NAID AAA Certification gives the customer peace of mind,” says Mahoney. “The customer knows that their material is being handled by a company that has been audited by the foremost standard-setting body for the information destruction industry.”

Risks of Improper Information Handling and Disposal

When you hire an under-qualified vendor or take on the responsibility of destroying information yourself, you do more than put your employees and customers at risk—you jeopardize the financial well-being and future of your business.

As we’ve seen in recent years, data breaches involving employee and customer information can result in costly lawsuits. For example, AT&T experienced a data breach in January of 2023 through a cloud vendor, affecting 8.9 million wireless customers. The compromised data included account details from 2015 through 2017, which should have been deleted by 2018, according to AT&T’s retention policies.

Although most people associate data breaches with digital records, physical documents and hard drives are also susceptible. For example, at All-Star Orthopedics, an unencrypted hard drive containing X-ray images and personal details of 76,000 patients was stolen in November 2018, prompting the organization to implement stricter security protocols, including encryption. Meanwhile, Miami-based Dermacare Brickell mistakenly discarded paper records of 1,800 patients in a condominium dumpster, leading to patient notifications despite no evidence of misuse. The practice is now transitioning to electronic records and plans to shred all remaining paper files.

Even in the absence of a breach, lax data destruction policies can be expensive. From HIPAA to the Fair Credit Reporting Act, a number of state and federal laws mandate that companies properly dispose of data when retention requirements have been met, and missteps can result in non-compliance fines and penalties.

Achieve Peace of Mind by Working with a NAID AAA Certified Vendor

When it comes to protecting sensitive information, data security doesn’t end with proper storage—it extends to secure disposal. Failing to destroy documents properly can lead to costly data breaches, reputational damage, and regulatory fines. That’s why businesses must be diligent in selecting a trusted data destruction partner, like Access.

In addition to maintaining a NAID AAA certification, Access has earned a variety of industry certifications, including PRISM Privacy+, SOC 2 Type II, SOC 3, NARA, and more.
