What is a Certificate of Destruction, what is it for, and why is it important?
While only a small part of a larger overall data protection program, shredding unnecessary/outdated documents is one of the simplest and most effective ways to ensure that sensitive data is protected against information theft or accidental disclosure.
Proper disposal of confidential documents greatly reduces the chance of a data breach, minimizes a businesses liabilities should such an event occur, and makes compliance with data protection laws easier.
For these reasons and more, many businesses choose to rely on a professional shredding company for their document destruction needs.
By outsourcing the shredding process to a third party provider, businesses are able to eliminate the responsibility of keeping up with all the latest compliance rules and regulations, while eliminating the need for expensive shredding equipment and employee training programs.
With all the effort involved in ensuring your documents have been destroyed securely, it is important to also maintain a detailed record of the process from start to finish.
A Certificate of Destruction does just that, and more. Keep scrolling to learn what it is, what it does, and why it is critical for any business that requires verified destruction of sensitive documents.
The certificate (sometimes called a letter of destruction or a certificate of data destruction) typically contains a statement by the issuing provider indicating that all materials have been securely destroyed, as well as details about when the service occurred, where the documents were destroyed, and other important information.
In this way, it can be thought of as a Death Certificate for sensitive documents.
At USA Imaging, we provide a Certificate of Destruction after every shredding service visit. Certificates are included when destroying documents after a document scanning project.
In these cases, verified destruction is the final part of the document lifecycle and an important component in any records management policy. A Certificate of Destruction serves as your record that sensitive data has been permanently destroyed, and that it was done so in accordance with data privacy laws and regulations.
It is an important method for tracking and maintaining a secure chain of custody, and may be required in order to comply with government mandates and requirements. A Certificate is most often used when destroying documents that contain:
Personally identifiable information (PII)
Personal health information (PHI)
Information protected by data privacy laws
Internal documents/proprietary data/trade secrets
Financial records and bank statements
A Certificate of Destruction can also be a particularly useful tool in the case of a compliance audit. A detailed record of each shredding service can serve as documentation/ evidence of the proper handling of sensitive data.
Each industry is governed by unique regulations that dictate how long data should be kept, as well as how it can be destroyed. It is important to ensure your company’s document retention and destruction policies align with these standards.
As these records are created and submitted by the service provider, it is still critical that you do your research, and choose a provider that maintains industry certifications such as NAID® AAA certification and SOC-2 Compliance, so that the Certificate of Destruction you receive actually has value.
While the specific details contained within a Certificate of Destruction are defined by the organization that issues it, there are several key pieces of information that should be included for it to properly serve its purpose including:
A unique tracking number or ID to be used in an audit
Customer/client name and address
Shredding service provider details
Time and date of services performed
The method used to destroy the documents
The location where the service took place
Names of any witnesses to the process
A transfer of custody and fiduciary responsibility
A legal statement that serves as confirmation of the services provided