For Immediate Service Call Us Today at 866.433.4691
Does a Certificate of Destruction relieve my company from its obligation to keep information confidential?
Any company contracting an information destruction service should require that it provide them with a signed testimonial, documenting the date that the materials were destroyed. The Certificate of Destruction is an important legal record of compliance with a retention schedule. It does not, however, effectively transfer the responsibility to maintain the confidentiality of the material to the contractor.
If private information surfaces after the vendor accepts it, the court is bound to question the process by which the particular contractor was selected. Any company not showing due diligence in their selection of a contractor that is capable of providing the necessary security could be found negligent.
From a practical standpoint, if proprietary or private information is lost or leaked by the fraud or negligence of a vendor, the obligations of the vendor are irrelevant. The firm whose information falls into the wrong hands stands to lose the most, either from loss of business, prosecution or unfavorable publicity.
Since a business cannot transfer its responsibility to maintain confidentiality, it must be certain that it is dealing with a reputable company with superior security procedures. Unfortunately, there are those information destruction services that provide certificates of destruction while having no semblance of security and, in some cases, no destruction process available to them. Anyone interested in contracting a data destruction service is advised to thoroughly review their policies and procedures, conduct an initial site audit and conduct subsequent unannounced audits.
If security and the proper application for “Reasonable Care” standards are important to your organization, then you should choose only NAID Certified vendors for your managed document destruction programs.