Shredding companies affiliated with the National Association for Information Destruction (NAID) have access to the shredding industry’s best and most current practices regarding document and data destruction. NAID is a non-profit organization whose mission is to educate businesses, government and service providers of the need to securely destroy discarded information. NAID provides a wealth of knowledge in the debate over recycling versus shredding. Industry experts have written articles and entire chapters addressing people’s misconceptions that paper recycling, often referred to as “pulping,” is a secure method of destroying sensitive documents. According to NAID, “Any organization that selects recycling as an alternative for secure information destruction should reconsider that process, the risks and their obligation” (NAID Advisory #3).
Below is a list of items published by the NAID Advisory that businesses and organizations should consider when determining how to properly protect customers, clients, patients and themselves from the risk of an information data breach:
- Access to scrap paper facilities is generally not restricted or monitored. Public dump sites do not offer any security guarantees.
- Generally, scrap paper companies are not obligated to screen employees.
- There is usually no documented acceptance of fiduciary responsibility between the scrap paper company and the transport companies that haul it to the paper mill or between the paper mill and their employees or between the organization/business and the paper mill.
- Contaminated paper not acceptable to the paper mill is generally disposed of as whole, intact documents and is therefore at risk for exposure.
- The who, what where and when documentation necessary to demonstrate compliance is usually not provided by the paper mill.
- Bales often break at a paper mill. If the material becomes contaminated, it may be disposed of intact.
Outsourcing to a shredding service provider substantially increases the likelihood that all sensitive information that should be destroyed is destroyed. Transporting whole, intact confidential documents and material creates an unnecessary risk that onsite destruction prevents. Imagine a scenario where a document collection truck carrying unshredded documents is in an accident. Or the collection truck is left unlocked or unattended and confidential documents are exposed.
When determining your document and data destruction needs, look for a service provider who is a NAID member and is equipped with the industry’s most advanced destruction equipment. Keep in mind, paper mills are not in the business of security. Data protection is not part of the mission. Although pulping in of itself is a thorough method of destruction, the process of maintaining high levels of security and protecting customers’ confidentiality is not a requirement for paper mills. Whereas contracting with a secure, onsite document destruction service provider, security and data protection is the number one goal!
Author’s Note:
In April’s article titled “Cutting your risk of identity theft,” tip #1 suggested individuals protect their Social Security Number and avoid carrying their Social Security card on their person. A reader pointed out that Medicare cards use Social Security Numbers as the identification number. This is a true and unfortunate fact, which opens Medicare card holders up to the risk of identity theft. AARP provides tips for Medicare card holders. To learn about how to reduce your risk while carrying a Medicare card, go to aarp.org. The good news for Medicare card holders…Social Security Numbers will be removed from the cards beginning in 2018! FBN
Jen Green is President and CEO of Elevated Shredding, LLC, a document and data destruction company and paper/E-recycler; and Strides 2 Thrive, LLC, an agency providing day treatment and employment services for people with disabilities. To inquire about our services, call 928-522-9226, email jen@elevatedshredding.com or find us on the web: ElevatedShredding.com