Industry News

© Benoit Daoust | Dreamstime.com

Small Businesses Unaware of Potential Impact of Data Breaches
A recent study conducted by Ipsos Reid on behalf of Toronto-based information security company Shred-it revealed that small businesses do not fully comprehend the impact of a data security breach and, as a result, are not safeguarding sensitive information thoroughly.

An independent survey conducted by Ipsos Reid and commissioned by Shred-it was conducted April 16-23, 2013, with two distinct sample groups: small business owners in the United States (1,008) that have fewer than 100 employees and C-suite executives in the United States (100) who work for companies with a minimum of 500 employees.

The 2013 Shred-it Information Security Tracker indicates that an alarming number of small businesses (69 percent) are not aware of or don’t believe lost or stolen data would result in financial impact and harm to their business’ credibility.

According to the study:

• Forty percent of small business owners have no protocols in place for securing data, a 5 percent increase from last year.
• More than one-third of the small businesses report that they never train staff on information security procedures.
• Forty-eight percent have no one directly responsible for managing data security.
• Only 18 percent would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats.

Mike Skidmore, Shred-it privacy and security officer, says, “We have seen a consistent increase in small businesses without security protocols in place, and a crucial first step for practicing effective information security is improving awareness of policies and procedures. Organizations face a lot of risks, but enforcing sensitive data safeguarding as a company-wide practice will potentially avert both significant financial and reputational damage.”

The 2013 Shred-it Information Security Tracker found that more C-suite executives (12 percent) reported financial losses of more than $500,000 resulting from data breaches this year than in previous years; yet, 23 percent of the C-suite executives surveyed said they did not believe a data breach would affect their businesses.

At the same time, while awareness of legal requirements among C-suite executives was up 4 percent compared with Shred-it’s 2012 survey, only 16 percent of respondents report training employees on protocol twice per year, which is down 11 percent from 2012.

In Brief Stevens & Stevens Celebrates 20th Anniversary Stevens & Stevens Business Records Management, based in Clearwater, Fla., is celebrating 20 years in the records management business in 2013. Stevens & Stevens recently held an open house at its Clearwater location for customers to learn more about the benefits of records management and to showcase its services. Founded by Ralph, Marshall and Rhett Stevens, Stevens & Stevens now employs 39 people and has facilities in Clearwater and in Greenville, S.C. The company offers a full line of records management services. DDRS Employees Earn Accreditation Vanna Root, Bailey Burt and Chris Ockenfels of Document Destruction and Recycling Services (DDRS), Cedar Rapids, Iowa, each have received the accreditation of Certified Secure Destruction Specialist (CSDS) from the National Association for Information Destruction (NAID). They are the only individuals in Iowa to achieve this designation as of early May, according to DDRS. CSDS accreditation is designed to acknowledge the comprehensive understanding of the broad range of disciplines related to secure destruction. Founded in 1996, DDRS has locations in Cedar Rapids, Davenport and Altoona, Iowa.

//Digital Security
R2 Solutions Updates Responsible Recycling Practices
Standard R2 Solutions, Boulder, Colo., announced updates to its R2 (Responsible Recycling Practices) certification standard at the Bureau of International Recycling (BIR) 2013 World Recycling Convention & Exhibition in Shanghai. According to R2 Solutions, “The new standard, R2:2013, greatly increases the oversight and quality assurance tools critical to a voluntary certification program.”

The new standard became effective July 1, 2013.

“It is essential for the electronics recycling industry around the globe to continuously raise the bar when it comes to data security, the environment and the health and safety of its employees and surrounding communities,” said John Lingelbach, executive director of R2 Solutions. “With R2:2013, we continue to improve the R2 Standard so that we can offer recyclers and their upstream customers the absolute best in electronics recycling industry practices.”

The R2 Standard consists of 13 provisions. The most significant change to the R2 program is the requirement for all R2 facilities to have an approved environmental, health and safety management system (EHSMS). Currently approved management systems include a combination of ISO 14001 and OHSAS 18001 or the Recycling Industry Operating Standard (RIOS) system. The EHSMS requirement improves the integrity and accountability of the entire R2 certification, according to R2 Solutions.

R2:2013 also includes:

• Enhanced export requirements designed to more explicitly include compliance with the export and import laws of all exporting, importing and in-transit countries, not just non-OECD (Organisation for Economic Co-operation and Development) countries;
• Clarified existing downstream due diligence requirements designed to better track equipment containing focus materials through each downstream vendor until it is sold for reuse or as a commodity; and
• A comprehensive approach to data security and destruction designed to assure the security of all media until it is effectively sanitized or destroyed.

“The overall goal of R2:2013 is to help IT asset disposition (ITAD) companies optimize their systems and practices and, by certifying to its requirements, assure their upstream clients that they are fully addressing potential risks to brand and potential legal and financial liabilities,” R2 Solutions says.

The updated standard was developed after a thorough evaluation of the current R2:2008 standard by a multistakeholder group, the R2 Technical Advisory Committee (TAC). Participants in the TAC deliberations included representatives from Best Buy, Dell, Microsoft, UPS, the federal government’s General Services Administration (GSA) and large and small electronics recyclers and refurbishers.

The R2 Standard was originally developed by a multistakeholder group convened by the U.S. Environmental Protection Agency (EPA).

Operations certified to R2:2008 will have until the end of 2014 to transition to the updated standard, R2 Solutions notes.

Securis Offers Franchise Territories
Chantilly, Va.-based Securis Inc., which was among the Inc. 500 fastest growing companies in 2012, has announced the availability of new franchise territories in the Mid-Atlantic for its electronics recycling and data destruction services.

The company says it is establishing a nationwide network to serve the large and fast-growing electronics recycling and data security markets.

“We never want a single laptop, hard drive, smartphone, monitor or any other piece of electronics to be discarded in a way that disturbs our environment or puts company or government data at risk,” says Securis CEO and founder Jeremy Farber. “By offering franchise opportunities in major markets, Securis will be able to serve hundreds of thousands of additional customers.”

Farber adds, “Now, with our franchise expansion, qualified individuals who are interested in helping safeguard the environment as well as sensitive corporate data have the opportunity to be part of one of the most trusted brands in this growing and exciting space.”

Founded as PC Recycler in 2000, Securis provides information technology asset disposal (ITAD), including secure electronics recycling.

Those interested in learning more about Securis franchise opportunities can visit www.securisfranchise.com.

Cornerstone Records Management Makes Executive Appointments
Cornerstone Records Management, headquartered in Elkridge, Md., has named Barry Polan to the post of senior vice president of sales, Fred Diers to the position of vice president of client advisory services and Walter L. Caudill as senior vice president of operations. These new appointments closely follow the installation of a new CEO at Cornerstone.

In February 2013, Doug Mann joined Cornerstone as chief executive officer, replacing Kent Misemer. According to his biography on the Cornerstone website, “Doug has successfully transformed companies into world-class organizations.” The company adds, “Focusing on increasing organizational effectiveness—highlighting recognition and reward, training and development and business process improvement—has motivated productive workforces and developed organizations into customer-centric companies.”

According to the company, the addition of Polan and Diers is integral to Cornerstone’s new strategic direction to provide clients with secure, compliant and flexible records and information management solutions through a consultative method, while Caudill will help the company provide more efficient solutions for managing information assets.

Polan will work with the company’s national sales team to implement marketing initiatives and sales processes designed to grow sales across all channels. Employing a consultative approach that focuses on helping clients, he will work to establish strategic partnerships to produce responsive, reliable and cost-effective records and information management programs, Cornerstone says.

Diers’ primary focus is to advise clients and prospects in developing and implementing enterprise-wide records and information management programs focusing on a governance life-cycle approach, the company says. In this role, Diers will collaborate with clients to streamline records and information management processes while reducing costs and strengthening information accession standards.

“Barry comes to us with an incredible track record of building world-class national consultative sales teams and driving tremendous sales growth,” Cornerstone CEO Mann says.

For more than 17 years, Polan has helped to grow the sales of companies such as Peeq Media in California, where he served as vice president and general manager and as vice president of sales at Coloredge, also in California, where he exceeded sales and profit goals for five consecutive years, Cornerstone says.

“Fred Diers brings critical technical knowledge regarding governance, risk and compliance to Cornerstone and uses that expertise to build world-class records and information management programs,” Mann says.

Prior to joining Cornerstone, Diers served for 40 years in executive positions as a practitioner and consultant within the records and information management industry. He is a past president of ARMA International, a certified records manager, a fellow of ARMA International and a winner of the Emmett Leahy Award, which recognizes excellence in records and information management.

Caudill has a long history in the records management industry, according to Cornerstone, with experience in implementing operational best practices. In his new role with the company, he will work on initiatives such as establishing new best-in-class customer on-boarding, developing facility tours and creating product and service demonstrations and operating procedures.

Mann says, “In keeping with our goal of achieving organic growth by maximizing customer service levels to existing customers, we expect Walter to use his tremendous industry experience and knowledge to drive new levels of performance, continuous improvement, operational mastery and organizational discipline at all levels of the company.”

Commodity Report Summer Slide Prices for sorted office paper (SOP) as reported by PPI Pulp & Paper Week June 5, 2013, show some softening compared with the previous month. The only region that did not experience a decline in pricing was the Southeast, which maintained pricing in the range of $125 to $135. The San Francisco/Los Angeles and Pacific Northwest regions both reported a $10-per-ton decline in prices from the previous month, with the California cities seeing $160 to $170 per ton and the Pacific Northwest, $140 to $150. The decline could be related to China’s Operation Green Fence, which is hindering paper shipments to that country. Chinese officials have indicated that Operation Green Fence will run through November 2013. However, a recent “ISRI Leadership Update” offers recyclers hope that China may dismantle its green fence earlier than November. “Update” author Robin Weiner, president of the Institute of Scrap Recycling Industries Inc. (ISRI), also says some of the problems recyclers in the U.S. and Europe are experiencing may have less to do with inspection issues and more to do with import licensing. According to Weiner, ISRI learned of this information while traveling through China, attending conferences and meeting with Chinese government officials, recyclers and industry consumers as well as with U.S. and European exporters. She writes that several officials ISRI staff spoke with during their time in China indicated that the initial level of enforcement may lessen “significantly” if not conclude well before Nov. 30. “And several industry members from both the U.S. and Europe confirmed to us that, from their standpoint, it appears that CIQ (China Entry-Exit Inspection and Quarantine Bureau) is relaxing the enforcement level, except for those who have had a history of shipping problematic loads,” Weiner adds. (Additional information on secondary paper markets, including breaking news and consuming industry reports, is available from SDB’s sister publication Recycling Today at www.RecyclingToday.com.)

NAID Introduces Shred School Website
The National Association for Information Destruction (NAID), based in Phoenix, has launched a new website for Shred School at www.shredschool.com. The site outlines the newly designed curriculum, materials, schedules and locations for Shred School events.

NAID says it will use Shred School as a platform for training industry rank-and-file employees and professionals interested in entering the secure destruction industry. Each Shred School workshop is two days and each attendee receives a workbook followed by a certificate of completion. During the two days, trainers will discuss records and information management (RIM) and secure destruction services, industry terminology, laws and regulations, sales, marketing, event planning and NAID programs and tools.

Shred School workshops scheduled for 2013 include:

• Aug. 14-15, Hyatt Harborside at Boston’s Logan International, Boston;
• Aug. 28-29, Hyatt Regency Orlando International Airport, Orlando, Fla.;
• Sept. 28-29, Hyatt Regency Dallas-Fort Worth Airport, Dallas; and
• Oct. 16-17, Doubletree by Hilton San Francisco Airport, San Francisco.

“NAID members often can’t afford to send a lot of employees to the NAID annual conferences,” says Jamie Steimer, NAID director of programs and events. “By pricing Shred School affordably and taking it on the road, we hope to provide industry training at a level that was not available in the past.”

The association says it is considering the addition of up to 10 workshops in 2014 and will update its website as new locations and dates are added.

Shred School, along with other member services and related websites, also is featured on the recently redesigned landing page on www.naidonline.org. The former landing page has been replaced by a page containing links to the most commonly visited resources and most important association information, NAID says. “The new landing page is more eye-appealing, substantially increases the website’s search engine optimization results, encourages visitors to stay longer on the site and makes navigating through chapters and other pages much easier,” the association adds.

NAID is the secure destruction industry’s nonprofit trade association, representing more than 1,900 member locations. Its mission is to promote proper destruction of discarded information and to encourage the outsourcing of destruction needs to qualified contractors.

 

© Rmarmion | Dreamstime.com

Sutter Health Patients Affected by Third Breach
Sutter Health, headquartered in Sacramento, Calif., has notified roughly 4,500 patients that they are at risk of identity theft, according to numerous news reports.

The company issued a public notice stating that police found protected health information during an “unrelated investigation.”

According to newspaper reports, the information was discovered during a meth bust.

Sutter says it thinks patients at hospitals in Berkeley, Oakland, Antioch and Castro Valley, Calif., were affected by the breach. The company is offering affected patients one year of paid ID theft protection services as a result. The company is not providing further explanation on how the information was obtained because the investigation is ongoing, reports note.

The patient information involved in the most recent breach may include patient names, Social Security numbers, birth dates, addresses, phone numbers and marital status.

Under the breach notification rules established by HIPAA (Health Insurance Portability and Accountability) and HITECH (Health Information Technology for Economic and Clinical Health) acts, this is the third major breach for Sutter Health. The company’s largest breach, resulting from a stolen computer, affected 4.2 million patients in November 2011. In May of that same year, more than 1,000 patients were affected when paper records were lost.

© 350jb | Dreamstime.com

Looking into the Future
Records and information management (RIM) industry veterans Harry Ebbinhausen, North America president for Boston-based Iron Mountain; Dennis Barnedt, CEO of Oasis Group, Dublin; and Ian Thomas, executive vice president of Irvine, Calif.-based O’Neil Software, addressed attendees of the final session of the PRISM International 2013 Annual Conference. Nate Campbell, PRISM International president and executive vice president of Access, headquartered in Livermore, Calif., moderated the session, Future Trends in Records and Information Management, which examined developments in the RIM industry.

Campbell began by asking the panelists if they feared the decline in the generation of paper records, citing the Storage & Destruction Business 2013 State of the RIM Industry Report, in which 21 percent of respondents said they felt the effect of declining paper generation in 2012.

Barnedt, who founded Access in 2004 and joined Oasis Group in 2009, said he was not “shocked or scared” by the decline in paper. He suggested that RIM companies need to look at providing additional services beyond hard copy records storage. “We are changing as a world,” Barnedt said. “You have to ask clients what they need from you; sell solutions, not box storage.”

Ebbinhausen agreed, saying he was bullish on the tape industry. He added that digital information is expanding and that it is no different than paper records in that 90 percent of the information will rarely be accessed. This fact makes tape an affordable storage medium in that the economics are favorable to disc storage, he said.

“It’s a matter of understanding clients’ needs and providing the right solution,” Ebbinhausen added.

To newcomers to the RIM industry, Barnedt offered this advice: “If you think you’re getting into box storage, don’t do it.” Instead, he stressed the need for information management that helps clients to minimize their risks and reduce their costs. “It’s no longer about the box or tape but about what is in the box or on the tape,” Barnedt added.

Thomas, whose company provides software for records and information management companies worldwide, said his clients are offering a growing range of services to their customers and getting more involved in their clients’ daily operations.

He also said the cloud was here to stay because it offers operations mobility and provided some examples of how technology such as Google Glass could be put to use in the RIM industry to scan bar codes.

Ebbinhausen predicted that businesses will still be struggling with the integration of digital and physical information 10 years from now. “The cloud offers the opportunity to do that.” He advised that the industry work on developing standards for cloud-based storage and on educating clients about the capabilities of tape storage.

The PRISM 2013 Annual Conference was May 13-16 in Bonita Springs, Fla. The 2014 conference will be May 5-8 in Rancho Mirage, Calif.

FastFact
According to SDB’s 2013 State of the RIM Industry Report, when asked to consider the service areas that present the most opportunity in the next five years, document destruction, records storage and hard drive/electronic media destruction ranked in descending order as “very important.”