Any company contracting an information destruction service should require that it provide them with a signed testimonial, documenting the date that the materials were destroyed. The certificate of destruction, as it is commonly referred, is an important legal record of compliance with a retention schedule. It does not, however, effectively transfer the responsibility to maintain the confidentiality of the materials to the contractor.  A certificate of destruction does not relieve a company from its obligation to keep information confidential.

If private information surfaces after the vendor accepts it the court is bound to question the process by which the particular contractor was selected. Any company not showing due diligence in their selection of a contractor that is capable of providing the necessary security could be found negligent.

From a practical standpoint, if proprietary or private information is lost or leaked by the fraud or negligence of a vendor, the obligations of that vendor are irrelevant. The firm whose information falls into the wrong hands stands to lose the most, either from loss of business, prosecution or unfavorable publicity.

Since a business cannot transfer its responsibility to maintain confidentiality, it must be certain that it is dealing with a reputable company with superior security procedures. Unfortunately, there are those information destruction services that provide certificates of destruction while having no semblance of security and, in some cases, no destruction process available to them. Anyone interested in contracting a data destruction service is advised to thoroughly review their policies and procedures, conduct an initial site audit and conduct subsequent unannounced audits. On-site document destruction is also an option in most cities.

Leave a Reply