Three Companies Receive NAID On-site Sanitization Certifications
The National Association for Information Destruction (NAID), based in Phoenix, has announced Green Delete of Chicago, Lifespan Technology Recycling of Denver and EPC of Earth City, Mo., were the first companies to receive NAID on-site sanitization certifications.
NAID is a nonprofit trade association of the secure destruction industry, currently representing more than 1,800 member locations globally.
NAID introduced its on-site sanitization certification in November 2011.
“Having this program accepted so quickly validates our suspicions,” says Bob Johnson, NAID CEO. “We’re to the point where data-related vendors’ qualifications have to be validated by a credible body. Thanks to years of diligence, NAID is the place that both customers and vendors turn to.”
NAID AAA Certification of Sanitization Operations, available to members of the association, is a voluntary program designed to validate the security and effectiveness of a firm’s data sanitization processes. NAID says it uses surprise and scheduled audits to confirm compliance with the required written procedures and the quality control regime of participants. NAID auditors verify the effectiveness of hard drive sanitization through third-party forensic examination of control hard drives and hard drives randomly removed from the applicant’s processed inventory, according to the association.
EU Proposes New Data Privacy Laws
European Union Justice Commissioner Viviane Reding has announced new proposals to the EU’s data protection laws that are designed to help individuals maintain control of their personal data.
The EU’s Data Privacy Directive has not been updated in more than 10 years.
The proposals include “the right to be forgotten,” which would force companies to delete the user data of those who request it. Companies also would be required to report data breaches within 24 hours, where feasible. The proposed changes also introduce the concept of “data portability,” allowing an individual to access the data a company is holding on her and transfer it to another service provider.
Data breaches would lead to penalties of up to €1 million (US$1.3 million) or up to 2 percent of a company’s annual global revenue.
Reding says, “My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information.” She adds, “The reform will accomplish this while making life easier and less costly for businesses.“
The proposal would establish a single set of rules, saving businesses €2.3 billion (US$ 3 billion), Reding says. Each EU member country also would have to establish a national data protection authority.
The proposals have been passed on to the European Parliament and to EU member states for discussion.