A virtuous circle

Features - Secure Destruction

Offering certified information destruction can keep office fiber and electronic scrap flowing in down markets—and provide a valuable service.

February 28, 2020

Photos: Jim Rohman

Recycling companies are accustomed to providing a valuable service, but it’s often a service dependent upon achieving an acceptable margin between what is bought and what is sold. Information destruction services, however, continue to offer a second model less dependent on margin buying and tied instead to selling confidence in a company’s security procedures.

Two trends are strengthening the secure destruction sector: 1) a sustained trough in some commodity markets, narrowing the commodity profit margin; and 2) the proliferation of personal and corporate data into a larger number of electronic devices and appliances.

Measuring value in different ways

Recyclers and paper mills have long sought office paper, giving it an intrinsic value that may vary from month to month but largely has stood the test of time. Likewise, metals found in office and consumer electronics have attracted the attention of recyclers for decades.

By the latter decades of the 20th century, the information security aspects of paper documents were gaining attention, and in the early 1990s initial meetings of what would become the National Association for Information Destruction (NAID) were being held.

In 1995, NAID became a chartered nonprofit, and its founding member companies were setting out principles and guidelines for service providers that emphasized the security aspects of document (and soon hard drive and electronics) destruction over the commodity value. (Phoenix-based NAID is now part of i-SIGMA, which also includes records storage association PRISM.)

Subsequently, numerous recycling firms have researched and invested in the secure destruction sector, positioning themselves to offer both services to their customers.

Texas Recycling President Joel Litman, who co-owns that business with his brother Craig, says the Dallas-based firm founded its Action Shred of Texas sister company in the early 2000s to offer document destruction services. “Once we opened Action Shred with shredding capacity, our customers who wanted their documents shredded did not object to paying for that type of destruction,” he says.

Recyclers offering NAID-certified destruction services may enjoy the best of both worlds when it comes to service models, but Bob Johnson, CEO of i-SIGMA and a founder of NAID, says they are best served by committing to the security service revenue model.

“When the value of commodities like paper or metals or circuit boards is high, processors often take the path of least resistance by lowering or ignoring service revenue,” he says. “Conversely, when commodities are depressed, our mantra that secure data destruction is better positioned as a stand-alone, service-revenue model makes a lot of sense to them.”

Don Adriaansen, a founder of Pipersville, Pennsylvania-based Titan Mobile Shredding LLC, says his firm’s business model has been focused on security services since it started in 2005. “We always presented our secure destruction services as a tool for security and compliance to our customers.”

“The good news is that while the security, service-revenue approach is not something [companies] can just turn on or turn off and something that can’t be faked,” Johnson says, “once a service provider makes the commitment, they get the benefit of the consistent revenue while at the same time being insured against commodity downturns.”

The era of high liability

Recyclers well know that commodity pricing is cyclical, but providers of secure destruction services seem to be living in a world where the need for secure disposal of information and data only proliferates as a service.

That might not be as true in terms of volume on the document destruction side, where electronic record keeping has begun to outpace ink-on-paper documents in most workplaces, but it seems unquestionably true regarding personal and office electronic equipment.

“All discarded information needs the same high level of security and diligence, regardless of the media on which it is recorded,” Johnson says. “We see the same continuum of regulatory and security concern for both” paper and electronic files, he adds.

The potential for data breaches and the importance of information security has reached a point, Johnson says, where service providers might wish to run the other direction if they encounter a potential customer who shows a cavalier attitude toward it. “Any service provider that encounters a customer focused solely on price is dealing with the wrong person: It’s as simple as that.

“In fact, according to today’s data protection and privacy regulations, focusing solely on price is illegal,” Johnson continues. “The customer has an obligation to verify their service provider is compliant with regulations. That same customer also has legal obligations related to the contracts used with any service provider with which they share personal information,” he adds.

Adriaansen points to heightened federal regulations, such as the Federal Trade Commission (FTC) Disposal Rule of 2005, the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA), as long having provided a boost to the secure destruction sector.

GLBA, passed in 1999, brought increased privacy and information protection obligations to the banking and finance sector, while HIPAA, originating in 1996, has done the same for medical records. The FTC Disposal Rule requires “any business, large or small, that uses consumer reports [to] dispose of this sensitive information ‘properly’” and is a rule that “also applies to individuals who use consumer reports for a business purpose,” according to the PrivacyRights.org website.

Despite more than two decades of growing attention to data security, “There are customers today who have no knowledge or interest in their regulatory obligations, and there is a growing number who are increasingly more aware and concerned,” Johnson says.

Sold on the future

For sellers and some potential buyers of information destruction services, weighing the benefits of security versus a return on discarded assets might not be a settled matter.

Johnson and most NAID members see the pendulum as having swung toward security, but that doesn’t mean the matter is settled, or that Americans have nothing to worry about when it comes to proper information handling.

When it comes to handling office documents and obsolete electronics, he recommends recyclers look “only for customers that fit the business model of regulatory compliance [and] security from whom they can make a reasonable profit on a consistent basis.”

He continues, “There are plenty of those customers out there, and their numbers are growing fast.”

In a recent i-SIGMA blog post, Johnson writes that NAID members “must continually remind [customers] that [they] offer a security, compliance service” for which customers will conclude it is “worthy of paying a reasonable price.”

Litman and Adriaansen say that even when scrap paper prices rise, their secure destruction customers haven’t asked for new terms.

“Very few accounts have any knowledge of the paper market,” Adriaansen says. “Even when prices were higher in late 2018, we did not see this happen. It’s about security and compliance, not paper prices.”

In an era when office managers keep a wary eye on the latest news of data breaches, selling the service of information security is likely to remain in the portfolio of many recycling firms.

The author is senior editor of Recycling Today and can be reached by email at btaylor@gie.net.