When is a Certificate of Destruction Required?
If your organization handles documents that contain sensitive and confidential information, you will need to securely destroy them according to proper document retention guidelines. Different industries have different information security risks regarding sensitive information. However, here is an overarching list of the types of information confidential documents can contain:
- Personally identifiable information (PII)
- Information protected by privacy laws
- Corporate trade secrets
- Financial details
- Information that can be easily overlooked (e.g. boarding passes, shipping labels, photos, etc.)
- Digital information (e.g. hard drives)
In order to remain compliant with privacy and security laws in the event of an audit, your organization should receive a Certificate of Destruction after each service showing that your documents, hard drives, and media have been securely destroyed. A Certificate of Destruction provides proof that your material has been safely and securely destroyed. This helps to ensure that your organization is meeting all required security laws and can be quite useful in the event of an audit.
A secure shredding service should provide you with a Certificate of Destruction that thoroughly documents the type of shredding service you received, when it occurred, the location of where the document destruction occurred, order number, and any other important details.