The Basel Action Network (BAN) is requiring all of its e-Stewards certified vendors to also become National Association for Information Destruction (NAID) AAA certified for any electronic media they work with (HDD, SSD, etc.) by October 4, 2021. BAN’s stated reason is “demand from their major enterprise customers” for, as NAID describes it, “assured data security and regulatory compliance.”
As you’ll see in the article, this is a tacit acknowledgement that recycling standards like e-Stewards and R2 (Responsible Recycling) do not incorporate the industry best practices for data destruction required by the growing number of data protection laws and regulations already in place, such as the EU’s General Data Protection Regulation (GDPR), and by newer ones like the state of New York’s SHIELD Act.
This evolving data protection environment is making it a certainty that when Personally Identifiable Information (PII) is trafficked on the Dark Web, Deep Web or elsewhere, the company from which it originated will pay crippling fines. The penalties are even worse if companies have not yet reported the data breach, even if that is because they are unaware it occurred, or if they cannot show they have done their due diligence in their practices and vendor selection.
That’s where picking the right IT asset disposition (ITAD) vendor comes in. Companies often retire IT assets that still have data on them. NAID AAA certified vendors are obligated to report those instances back to the company and destroy the data. NAID AAA certified vendors also follow the strictest data destruction protocols in the ITAD industry, with stringent security, auditing, and record retention requirements.
That’s why countries like Australia, many local and federal US government agencies, and a growing number of corporations require NAID AAA certification in their requests for proposal. How does your company’s ITAD strategy compare?