At its core, a shredding service offers data security. For some, paper shredding services provide peace of mind, while for others, shredding maintains compliance with regulations and helps avoid costly privacy protection violation fines. For this, what happens to your documents after hand-off matters, and not all shredding company services are created equal. To start, let’s discuss what a Certificate of Destruction is, who needs one, and why it may be essential for you or your business.

 

What’s below:

1. Definition – Certificate of Destruction
2. What to look for on a Certificate of Destruction
3. Example CoD
4. Purpose: who needs a Data Destruction Certificate
5. If you didn’t receive a Certificate of Destruction
6. Example information that may require a Verified Destruction Certificate

1. Definition – Certificate of Destruction

A Certificate of Destruction or CoD is a formal document, often digital and hardcopy, providing proof that sensitive information has been properly destroyed. The document contains detailed information on the job and custody transfer as well as verifies compliance with critical security laws to help provide proof in case of consumer privacy audits and legal actions.

2. What to look for on a Certificate of Destruction

While Certificates of Destruction differ slightly, critical information must be included to comply as an official proof of destruction record. Example information to look for:

• Id number for the job or transaction
• Business name performing shredding service
• Customer information
• Name and signature of the data destruction witness
• Date and location the data was collected
• Data destruction timestamp with location ID
• Chain of custody description and transfer of responsibility
• Regulation notes required by your specific industry

3. Example CoD

Below is an example certificate of destruction. For privacy in this example, Shred Co. is the provider as well as the customer and some info is omitted. Key information fields such as timestamp, destruction representative signature, and transfer of custody specifics help show proof of proper document disposal.

4. Purpose: who needs a Data Destruction Certificate?

Many Arizona businesses need more time, knowledge, or resources to manage in-house document destruction and IT asset disposition. It can take time to keep up with the ever-changing regulatory rules and best practices. A certificate of destruction from a trusted document destruction partner provides peace of mind and verification of proper disposal, helping ensure security compliance so you can focus on more important business. Businesses requiring adherence to privacy laws such as HIPAA, FACTA, GLBA, and HITECH likely need a data destruction certificate as part of their overall security and personal data protection strategy.

5. If you didn’t receive a Certificate of Destruction

Office and home shredders offer a different level of physical destruction than professional document destruction services. Professional shred trucks and commercial shredders use precision cross-cut and micro-shredding blade systems unmatched by the average small paper shredder. Before shredding, consider if a certificate of destruction is needed. Certainly, before working with a document destruction company, ask if they provide a certificate of destruction. If you didn’t receive one for a previous job, ask for a CoD for your records and consider finding a service provider with modernized automated practices that can send a certificate of Destruction at the time of destruction.

6. Example information that may require a Verified Destruction Certificate

A Certificate of Destruction can provide a helpful record of proper document disposal for all industries. In particular, however, CoD’s are commonplace in legal, financial, and health industries where sensitive documents are prevalent.

Health Insurance Portability and Privacy Act, or HIPAA, privacy rules outlined in 45 CFR 164.530(c) state that practices must implement proper safeguards to secure protected health information (PHI) and other sensitive data. This includes adopting best practices that avoid inadvertent access to or disclosure of personal information throughout the life of the information, even through final disposal. To stay in compliance and avoid a data breach, a CoD is likely needed for the destruction of information such as:

• HIPAA Protected Health Information (PHI)
• Personally Identifiable Information (PII)
• Corporate proprietary data
• Legal statements, agreements, or instruments
• Personal Education files
• Financial records or portfolio information
• Documents with combined information that can be used to identify a specific identity

Each industry is unique in its requirement to protect consumer data. A Certificate of Destruction is always a safe record and can be particularly useful in a compliance audit or security inspection.

Need a certificate of destruction? Shred Co. can help.

If you have questions about identity theft protection, document destruction services or want to learn more about verified paper shredding records, give us a call! We’re happy to help ensure you, and your business is safe, secure, and compliant with document destruction law.

References:

1. 1. Certificate of Destruction: A Complete Guide https://www.securescan.com/articles/document-destruction/certificate-of-destruction-a-complete-guide/

2. 2. Disposal of Protected Health Information https://www.hhs.gov/hipaa/for-professionals/faq/disposal-of-protected-health-information/index.html

3. 3. What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of protected health information? https://www.hhs.gov/hipaa/for-professionals/faq/575/what-does-hipaa-require-of-covered-entities-when-they-dispose-information/index.html

4. 4. i-SIGMA History http://www.naidonline.org/nitl/en/cert/history-purpose.html