When the National Association for Information Destruction (NAID), Phoenix, formed two decades ago, Bob Johnson, one of the trade organization’s founders and its current CEO, says the biggest challenge the founding members faced was the lack of resources available for industry professionals.
Today, as the nonprofit trade association of the secure destruction industry celebrates its 20th anniversary, Johnson says NAID has significantly improved the resources it offers while serving as a place where companies can merge their own resources.
“Companies acknowledge they will be competing with each other,” he says, “and they understand there are only certain things that can be accomplished if they pool their resources. NAID has been where they decide to pool their resources.”
Johnson continues, “With all of the changes that come with success, most trade associations are limited to the resources available. We have been able to apply those resources that have been beneficial to our members.”
He details how the trade association grew from a group of volunteers managing 150 NAID members to offering numerous certifications, accreditation and resources to its current 2,000 member locations.
Good traction
When Johnson worked at his family’s recycling business in the early 1980s, he says fewer than 100 companies were serving the information destruction industry. From 1982 to 1991, Johnson says he formed and grew the data destruction division of his family’s recycling company into the most profitable part of the business.
When his family decided to sell the business, he started his own company consulting in the information destruction industry, but something was missing in the industry at the time, he says.
“One of the things I always wished we had while I was in the business was a trade association,” Johnson says.
In 1992, Johnson and a network of industry associates discussed introducing a trade association for the information destruction industry, and in 1994 NAID became a reality.
Johnson says interest in the trade group was strong at first, but it was not until the early 2000s when membership soared.
“We got pretty good traction immediately because there was a vacuum and many people recognized the need for a trade association. We jumped to 150 members in the first year and a half.”
However, Johnson says NAID remained at about 150 members for eight years until a confluence of events that occurred in 2002 changed the industry as a whole.
Making headlines
At the regulatory level, two compliance deadlines occurred that included strong data protection elements to them, Johnson says.
The Health Insurance Portability and Accountability Act (HIPAA), which requires the protection and confidential handling of protected health information, was introduced in 1996 but modified in August 2002.
The Gramm-Leach-Bliley Act, which outlines the standards financial institutions must follow to protect customer information, went into effect July 1, 2001, with compliance deadlines set for 2002.
|
Membership perks The National Association for Information Destruction (NAID), Phoenix, has a long list of member benefits. Some highlights of joining NAID, according to the trade association, are:
|
Johnson says these compliance deadlines “prompted them to get their houses in order” so that those in the industry could be legally protected.
As these two acts reached their compliance deadlines, a phrase that is all-too familiar today was making its first mark. Identity theft became a household word that appeared in headlines everywhere, Johnson says.
“Prior to that, I remember we had a speaker at a conference in 1999 in Tampa (Florida) and he talked about identity theft. He didn’t use those words, but he described it, and we couldn’t believe what he was talking about, and two years later it was rampant,” Johnson explains. “The FTC (Federal Trade Commission) still ranks identity theft very high on the list of most prominent forms of fraud in the world.”
At the same time, Enron was collapsing and shredding documents. While the Enron scandal shed a negative light on the information destruction industry, it created an opportunity for NAID, Johnson says.
As media reports covered the improper destruction of information at Enron, NAID sent out a press release informing Americans that data can—and should— be destroyed correctly.
“All we did in the press release was remind people that 99.9 percent of all information destruction is done to protect clients or corporate information and it’s something businesses have to do,” Johnson says. “It was obvious that improper information destruction can lead to negative consequence, but it was also obvious that businesses had to properly destroy the information and to comply with information destruction requirements.”
He says the group’s efforts led to a front-page story in the Wall Street Journal about why people needed an information destruction trade association. An article in USA Today about NAID “led to more acceptance of NAID and more awareness of the issue,” he says.
Johnson continues, “When you look at the four or five things that happened in 2002, you can almost go back to that point in time and see the arch of our industry in general as well as NAID’s size and scope.”
Size and scope
“The nature of the client and the nature of the services have changed dramatically,” Johnson says of the information destruction industry.
NAID membership comes from many directions, he says, since numerous companies have merged in recent years. Record storage companies have set up separate data destruction divisions, many mobile and plant-based service providers have combined and a once-thriving office paper recycling sector was replaced by the information destruction industry, Johnson says.
“When the business climate changed in the early 2000s, and you could no longer recycle paper without any security involved, more or less companies just saw the writing on the wall and they morphed into information destruction companies,” Johnson says.
“Serving the multiple and evolving constituents that we have, it’s not the clear divider that it used to be because so many plant-based and mobile providers have morphed.”
He adds, “While there was a fine line between hard copy and electronics, that line is slowly dissolving.”
Professional programs
NAID’s membership has grown over the years and so, too, has the services that it offers. Fourteen years after introducing the NAID AAA Certification program, Johnson says nearly 85 percent of its North American member companies are certified. The NAID AAA Certification program certifies secure destruction operations for on-site and off-site paper shredding, micro media, physical destruction of computer hard drives. The group also offers certification for the sanitization of electronic equipment.
Johnson says while market differentiation might have been the initial momentum behind the growth of the certification program, certification has come to play a much important role in the marketplace.
“It’s the ultimate service for the client to subject themselves to this audit regime,” he says of NAID certified companies.
The NAID Certification of Sanitization Operations, launched in 2008, also focuses on data security. The voluntary program is available to members and verifies the security and effectiveness of sanitization services offered by IT asset management firms, electronics recycling companies and others. Auditors verify the effectiveness of sanitization of hard drives and solid state devices using the forensic examination of control devices as well as of devices randomly removed from the applicant’s processed inventory.
NAID introduced the AAA Certification of Sanitization Operations in response to member companies who acknowledged that hard drive resale opportunities existed, and therefore it was important to ensure data were securely wiped from these devices.
NAID’s certifications include scheduled and random unannounced audits by the association’s trained and accredited third-party security professionals.
Johnson says the success of NAID’s certifications and what they do for clients is another benefit for the industry.
“All one has to do is look at all of the programs and materials NAID has created and see how they have been used by members to improve their businesses,” Johnson says. “When I think about how data protection officials around the world now know to turn to NAID for advice on data disposal, that’s very rewarding. NAID is now certainly widely recognized across the globe for the secure destruction industry.”
NAID also introduced a professional accreditation program, Certified Secure Destruction Specialist (CSDS), a few years ago. Johnson says with the upcoming graduating class, 200 individuals will have obtained CSDS accreditation.
NAID’s dedication to education may best be illustrated by its acquisition of Shred School from Total Training Services Inc., Spartanburg, S.C., in December 2012. The organization’s Shred School education arm recently lowered its registration costs, Johnson says. With “great experience” during the first five NAID-hosted Shred Schools, Johnson says 150 NAID members nationally have completed the program since NAID acquired the rights to the Shred School name.
Industry veteran Ray Barry, who served as former dean of Shred School from 2005 to 2012, joined NAID in September 2013 as chief “shreducation” and member relations officer. He will run Shred School for NAID, Johnson says.
NAID assists members with their day-to-day operations as well. “On a daily basis we get questions about everything under the sun about how they operate their business,” Johnson says of NAID’s members. “It could be anything from fire ratings on cabinets to how a regulation impacts them in a certain situation.”
He points out that NAID offers sample contracts for nearly any type of situation; instead of paying a sometimes less-informed lawyer, NAID members have access to free, credible sample contracts.
“We want to continue to provide the education and tools so that members can represent themselves so they can legitimately be security and records information professionals,” Johnson says.
Challenging changes
Johnson acknowledges that NAID needs to play an active part in keeping up with the evolving industry. To do that, the trade group is conducting more research, including two major research aimed at the United States in the next year, he says.
One study is on the efficacy of solid state drives (SSD). As mobile and tablet devices take over the market, the NAID SSD Task Force, a group of electronic data destruction industry professionals and outside consultants, wants to ensure secure and proven methods of SSD sanitization are available.
“Electronic media evolved so quickly, and the opportunities changed so radically. We need to know what to tell our members about solid state drives, which is why we are doing studies on them,” Johnson explains. “I don’t see NAID’s work ever being done in that regard. There will always be challenges, and NAID’s future is going to be keeping up with those evolutions in the industry and it is going to be a continual thing.”
The author is an associate editor of Storage & Destruction Business and can be reached at mworkman@gie.net.
Latest from Recycling Today
- Nucor names new president
- DOE rare earths funding is open to recyclers
- Design for Recycling Resolution introduced
- PetStar PET recycling plant expands
- Iron Bull addresses scrap handling needs with custom hoppers
- REgroup, CP Group to build advanced MRF in Nova Scotia
- Oregon county expands options for hard-to-recycling items
- Flexible plastic packaging initiative launches in Canada
