Certificate of Destruction: A Complete Guide

What is a Certificate of Destruction, what is it for, and why is it important?

One of the most crucial responsibilities that any business has is to protect the confidentiality of the sensitive data in its possession.

While only a small part of a larger overall data protection program, shredding unnecessary/outdated documents is one of the simplest and most effective ways to ensure that sensitive data is protected against information theft or accidental disclosure.

Proper disposal of confidential documents greatly reduces the chance of a data breach, minimizes a businesses liabilities should such an event occur, and makes compliance with data protection laws easier.

For these reasons and more, many businesses choose to rely on a professional shredding company for their document destruction needs.

By outsourcing the shredding process to a third party provider, businesses are able to eliminate the responsibility of keeping up with all the latest compliance rules and regulations, while eliminating the need for expensive shredding equipment and employee training programs.

With all the effort involved in ensuring your documents have been destroyed securely, it is important to also maintain a detailed record of the process from start to finish.

A Certificate of Destruction does just that, and more. Keep scrolling to learn what it is, what it does, and why it is critical for any business that requires verified destruction of sensitive documents.

What is a Certificate of Destruction?

A Certificate of Destruction is a formal document issued by a shredding service provider that records important details about the destruction of sensitive documents, including the time and place where the service took place, information about the company who provided the service, and any witnesses to the process.

The certificate (sometimes called a letter of destruction or a certificate of data destruction) typically contains a statement by the issuing provider indicating that all materials have been securely destroyed, as well as details about when the service occurred, where the documents were destroyed, and other important information.

In this way, it can be thought of as a Death Certificate for sensitive documents.

What is a Certificate of Destruction used for?

The main purpose of a Certificate of Destruction is to record the chain of accountability, as secure data passes hands from the owner of the data to the company responsible for destroying it. It is essentially a record that verifies that materials were safely and securely destroyed, moving the burden responsibility to the supplier that issued the certificate.

How do you get a Certificate of Destruction?

When scheduling a service visit with a document shredding company, confirm that you will be provided with a Certificate of Destruction upon completion. Typically, you should receive your certificate on the same day of your service or soon after.

At USA Imaging, we provide a Certificate of Destruction after every shredding service visit. Certificates are included when destroying documents after a document scanning project.

When is a Certificate of Destruction Required?

If your business regularly handles documents that contain sensitive information, you are responsible for maintaining the confidentiality of that data as long as it remains in your possession.

In these cases, verified destruction is the final part of the document lifecycle and an important component in any records management policy. A Certificate of Destruction serves as your record that sensitive data has been permanently destroyed, and that it was done so in accordance with data privacy laws and regulations.

It is an important method for tracking and maintaining a secure chain of custody, and may be required in order to comply with government mandates and requirements. A Certificate is most often used when destroying documents that contain:

Personally identifiable information (PII)
Personal health information (PHI)
Information protected by data privacy laws
Internal documents/proprietary data/trade secrets
Financial records and bank statements

A Certificate of Destruction can also be a particularly useful tool in the case of a compliance audit. A detailed record of each shredding service can serve as documentation/ evidence of the proper handling of sensitive data.

Each industry is governed by unique regulations that dictate how long data should be kept, as well as how it can be destroyed. It is important to ensure your company’s document retention and destruction policies align with these standards.

Does a Certificate of Destruction prove documents were securely destroyed?

It is important to note that a Certificate of Destruction is not definitive proof that your documents were securely destroyed, rather, it is a statement issued to you by your provider that your documents were securely destroyed in accordance with industry standards and regulations.

As these records are created and submitted by the service provider, it is still critical that you do your research, and choose a provider that maintains industry certifications such as NAID® AAA certification and SOC-2 Compliance, so that the Certificate of Destruction you receive actually has value.

What kind of information is included with a Certificate of Destruction?

While the specific details contained within a Certificate of Destruction are defined by the organization that issues it, there are several key pieces of information that should be included for it to properly serve its purpose including: