Industry news

Iron Mountain acquires Fontis International

Iron Mountain, headquartered in Boston, has announced its acquisition of Fontis International, a Denver-based provider of a cloud-based subscription service for records retention guidelines. Following the acquisition, Iron Mountain says it now offers “unique capabilities for continuously updating retention schedules that can be distributed in a fully automated manner.”

Fontis helps organizations manage the storage and destruction life cycle of their records using industry and geographic laws and regulations, enabling compliance and legal defensibility for their information management programs, according to Iron Mountain.

As part of the acquisition, Fontis President Steve Formica and Chief Technology Officer Matt Hillery will join Iron Mountain to lead sales and product development for this service and technology-based offering; additional terms of the deal were not disclosed, however.

Fontis’ cloud-based subscription service allows Iron Mountain to deliver automated, up-to-date retention guidelines from around the world that are researched, curated and vetted by legal experts within individual industries and geographies, the company says. Organizations can update their retention schedule via Fontis’ online interface and then publish those to all employees across the enterprise.

“True information management is built on fundamental pieces, building blocks that can mean the difference between effective programs and those not quite good enough,” says Blaine Rigler, senior vice president of global solutions for Iron Mountain. “One of those essential pieces is a records retention schedule that details the guidelines you need to follow, as well as the ability to communicate them as part of your policy to the organization. This acquisition helps us strengthen that piece, ensuring our customers are continuously informed of actionable changes to regulations that impact their information,” he adds. “It fits perfectly with our current solutions and our goal to provide those building blocks for complete, holistic information management to our customers for today and the future.”

Formica says, “We’re excited to join Iron Mountain. We created our products to serve as single sources of truth for managing compliance with the myriad of regulations that information managers face every day. Bringing that capability to Iron Mountain is a natural fit, a strong brand with deep roots and expertise, and we look forward to helping the company deliver on its vision for complete information management.”

Survey finds information protection losing high-priority status

The fourth annual Security Tracker survey, conducted by opinion research firm Ipsos Reid on behalf of information security and destruction company Shred-it, Toronto, points to signs that some U.S. businesses are deprioritizing information security and decreasing their investment in the destruction of confidential information. Shred-it says this marks the first such decline since the first Security Tracker report was issued in 2011 and calls it a “significant behavioral shift.”

According to the new study, 86 percent of corporate suite-level (c-suite) executives are aware of the legal requirements supporting the protection of confidential data. However, 1 in 5 has never performed a security audit, a decline of 13 percent from the 2013 survey.

Almost half of the U.S. small business owners surveyed say they conduct no regular audits of their security protocols, while 3 in 10 have never performed an audit, the survey reveals. Further, 33 percent of c-suite executives acknowledge having a locked console in the office for confidential documents, a 22 percent decline when compared with 2013 findings. The study also found that almost half of small business owners surveyed have no protocols for storing and disposing of confidential information.

“In the four years we’ve been conducting this study, this is the first year we’ve seen a country deprioritize information security,” says Bruce Andrew, an executive vice president at Shred-it. “This is alarming given the fact that companies are facing an increasing number of security risks and should be making information security a priority. It is more important than ever before that business leaders understand the financial and reputational implications when confidential documents fall into the wrong hands.”

Other findings of Shred-it’s fourth annual Security Tracker survey include:

• The number of c-suite executives who simply throw sensitive documents into the garbage has increased to 10 percent, up from 1 percent.
• Seventy percent of small business owners and 30 percent of c-suite executives say they don’t have a cyber-security policy in place.
• Fifteen percent of c-suite executives surveyed are likely to have never trained staff on security procedures.
• Only 38 percent of c-suite executives admit to having an employee directly responsible for managing data security issues at the management level—a 23 percent decline from 2013.

The 2014 Security Tracker results also show some businesses of all sizes lack awareness about information security breaches and underestimate the potential financial and reputational implications, Shred-it says. Four in 10 small businesses owners and 2 in 10 c-suite executives do not think lost or stolen data would seriously affect their businesses. Further, 1 in 5 small business owners and c-suite executives admit to not knowing how their business would be impacted in the event data was stolen or lost, according to the survey.

fastfact
Seventy percent of small business owners and 30 percent of c-suite executives say they don’t have a cyber-security policy in place, according to Shred-it’s fourth annual Security Tracker survey.
 
 

Delaware law adds destruction requirements

Delaware Gov. Jack Markell signed House Bill 295 into law July 1, 2014, which amends Title 6 of the Delaware code relating to commerce and trade and the safe destruction of documents containing personal identifying information.

The law goes into effect Jan. 1, 2015, and requires commercial entities “to destroy or arrange for the destruction of” hard copy and electronic records containing personal identifying information at the end of its retention period using a method that makes the information “entirely unreadable or indecipherable through any means” by “shredding, erasing or otherwise destroying or modifying the personal identifying information in those records.”

The law seeks to ensure the security and confidentiality of consumers’ personal identifying information; to protect against foreseeable threats to the security or integrity of this information; and to protect against unauthorized access to or use of consumers’ personal data that could result in harm or inconvenience to consumers.

The law does not apply to entities that are covered by existing federal data security laws, such as banks, credit unions or financial institutions per Gramm Leach Bliley that are subject “to the regulation of the Office of the Comptroller of Currency, the Federal Reserve, the National Credit Union Administration, the Securities and Exchange Commission, the Federal Deposit Insurance Corp., the Office of Thrift Supervision and the U.S. Department of the Treasury or the Department of Business Regulation” or to the privacy and security provisions of the Gramm Leach Bliley Act. Health insurers or health care facilities subject to the Health Insurance Portability and Accountability Act (HIPAA); consumer reporting agencies subject to the Federal Credit Reporting Act and government entities also are exempt from the law.

The law states that commercial entities are subject to one violation for each record disposed of unreasonably.

Consumers who experience actual damages related to a violation of the law are permitted to file a civil case.

In addition, the law states, “Whenever the Attorney General has reason to believe that a violation of this chapter has occurred and that proceedings would be in the public interest, the Division of Consumer Protection of the Department of Justice may bring an action in law or the Division of Consumer Protection may bring an administrative enforcement proceeding pursuant to Chapter 25 of Title 29. The provisions of Chapter 25 of Title 29, including those regarding remedies, cease and desist orders, violations, penalties and appeals, shall apply to this Chapter.”
 

AccuShred’s Shred Cancer program raises $50K

AccuShred, an information destruction and electronics recycling company headquartered in Toledo, Ohio, has announced that its Shred Cancer program has raised $50,000 for Susan G. Komen of Northwest Ohio since launching in August 2011.

The Shred Cancer program seeks to raise awareness and funding for breast cancer by encouraging AccuShred customers to display and use the company’s secure pink bins for holding their sensitive information prior to destruction and to make a donation for each bin AccuShred services. Every time the pink bins are picked up, AccuShred matches the customer’s contribution—dollar for dollar—with 100 percent of the money going to Susan G. Komen of Northwest Ohio to support local breast health programs and breast cancer research.

“When we started, we thought the Shred Cancer program would be a great way to support a cause we really cared about,” says Nate Segall, AccuShred president. “But it’s exceeded our wildest hopes. To raise $50,000 in just three years is incredible. It’s a real testimony to our customers and the positive impact Komen Northwest Ohio is making in our community,” he adds.

“As AccuShred’s Shred Cancer program reaches the $50,000 giving milestone, Komen Northwest Ohio is grateful for the visionary leadership that raised $37,500 to fund 300 mammograms and breast health services for uninsured women and men in our service area and dedicated $12,500 to funding breast cancer research to find the cures,” says Mary Westphal, executive director, Susan G. Komen of Northwest Ohio. “This program generates widespread awareness about the importance of early detection by placing pink bins in local businesses and returning a portion of the proceeds to Komen. AccuShred’s direct impact is significant, and their partnership with Komen Northwest Ohio is saving lives in the fight against breast cancer.”

AccuShred, a subsidiary of State Paper and Metal Co., was established in 2002 and was the area’s first AAA NAID (National Association for Information Destruction) certified information destruction firm. The company provides on-site and off-site document destruction service and electronic scrap recycling. The company serves customers in northwest Ohio and southeast Michigan.
 

Access expands further

Rob Alston, CEO of Livermore, California-based Access, has announced the records management company’s recent acquisition of InfoCare Inc., Bellingham, Washington, and The File Annex Inc., Buena, New Jersey. These are the company’s 69th and 70th purchases, respectively, since its founding in 2004.

The InfoCare purchase marks the company’s entrance into the northwest Washington market, while The File Annex purchase expands Access’ presence in Philadelphia and New Jersey.

Gene Gallaher formed The File Annex in 1990 with one small warehouse and one van. Acquiring another local records management company in 1993, the File Annex grew to include a dedicated staff and records storage facilities on two campuses, serving a growing list of valued customers, Access says.

Access Vice President Tim Walker is coordinating the full integration of this new branch and its clients.

Walker says, “This expansion eastward from Philadelphia is a natural for us. We can now easily serve all of southern New Jersey from the Buena facilities and, as we have to date, from our headquarters in Aston, Pennsylvania.”

Mike Gallaher, former operations manager of The File Annex, will run the business in collaboration with the Access Philadelphia operations team.

Diana Roley, former InfoCare operations manager, has been named manager of Access’ new Bellingham branch.

Howard Furst, former InfoCare owner, says, “Since we opened our doors nearly 20 years ago, it has always been my first priority to offer the highest level—and the most comprehensive—records services available in northwestern Washington. It was clear to me that Access could offer our customers even more while allowing them to do business with a single vendor in so many markets throughout the country in which they do business. This is a real win for our staff, too, since they will now have so many opportunities to grow in their new careers with Access.”

Access President John Chendo comments, “We are pleased to be expanding our northwestern region, enabling a greater number of businesses, law firms, health care and other organizations access to our broad range of solutions.”

Access now serves 31 markets across the United States and in Latin America.