Thriving on compliance

Confidential. Security. Shredding. NAID (National Association for Information Destruction). Privacy. Opportunity. Integrity. These are all answers I received when asking other secure records and information management (RIM) industry professionals this question: What word comes to mind when you think of the document destruction and storage industries?

I had an answer in mind, and while none of the responses I received matched exactly, they all led to the word I was seeking: compliance.

Our industry thrives on compliance. Not only are we highly regulated, but most of the industries we work with are highly regulated as well. Achieving and maintaining compliance hinges on understanding the rules and regulations governing the commercial RIM industry and the clients we serve. Doing so can make you a master in your marketplace, a resource for your community and an effective salesperson.

By definition, regulatory compliance describes an organization’s conformity in fulfilling official requirements. More specifically, it describes an organization’s efforts to ensure it is aware of and is taking steps to fulfill its obligations under relevant laws and regulations.
 

Integral to operations

As a certified secure destruction specialist (CSDS) through Phoenix-based NAID, I have found compliance to be an integral part of my professional day-to-day environment. CSDS accredited individuals are required to ensure we are aware of and are meeting the privacy and data destruction regulations that have been put in place. Therefore, when someone is working with a CSDS, she knows she is working with someone who understands what her company needs to be in good standing with the privacy laws and regulations governing her business.

While CSDS is an individual accreditation within NAID, businesses can seek certification at the company level through NAID and PRISM International. These certifications provide clients with another level of assurance that their service providers understand and comply with various regulations.
 

Help is available

As I mentioned, many people think of NAID when they think about the document destruction industry. This is largely because when they need information regarding compliance, industry trade associations are a great place to start. Companies specializing in document destruction most likely would turn to NAID, while those specializing in records management and storage would seek assistance from PRISM International, and those specializing in information management would go to ARMA International.

Recently returning from NAID’s Shred School, I earned the credit I needed to maintain my CSDS accreditation. Beyond that, I learned new information and techniques that make secure destruction service providers invaluable to our customers while brushing up on others.
 

Pertinent requirements

Each industry that we serve has pertinent regulatory requirements, whether it be the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) for medical fields, the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA) for the financial industry and the Family Educational Rights and Privacy Act (FERPA) for educational institutions, to name a few.

One data protection regulation all industries are subject to is the need to have policies and procedures in place as to how to handle information that has personal identifying information (PII). Whether the company shreds in-house, outsources or incinerates, the method and process used must be stated in writing.

NAID has a program that allows its members to assist clients or prospective clients in developing those written policies and procedures and to provide employee training documents, insulating customers from the consequences of regulatory violations. This information can be found in the Information Destruction Compliance Toolkit offered by the trade association.
 

Value in education

The greatest asset in terms of compliance is education. First and foremost, you must understand what is required to achieve compliance. This will allow you to demonstrate to your customers that you are taking every step you can to assure they are compliant. In some ways, it follows the old adage that to help others you must first help yourself by being a master of your craft. To be a master, you must first be a student.

Once you know that you have fulfilled all the requirements to guarantee your company is compliant, you can begin to learn what other industries require. By mastering the regulations and laws and ensuring your ability to assist your clients in compliance, for example by helping companies create the policies and procedures they require, you’re raising the standard in the industry and standing out among your peers. You’re also an invaluable resource for your client.

It’s important to take advantage of educational opportunities. Separate from the fact that it can keep you compliant with certifications and accreditations in your industry by earning continuing education credits and that there is always new information to learn, these educational opportunities provide the chance to speak with other masters in the industry and to see how they are using the available tools.

The NAID 2015 Annual Conference will be March 20-22 at the Gaylord Texan Resort in Grapevine, Texas. I have had the opportunity to work on the NAID 2015 Conference Committee as its chair and have been working closely with NAID officers and committee members. We have made a commitment to bring our attendees sessions in compliance, sales and marketing, diversification, operations, management and more. Some sessions are basic, while others are advanced. As previously mentioned, these sessions are all intertwined with mastering compliance.

The conference is designed for attendees to network, adapt, innovate and develop, or “NAID,” if you will. Additionally and importantly, attendance at the conference enables you to see how others are using the Compliance Toolkit, customer employee training videos and the Doctors’ Office Marketing Program, a program designed to help doctors and dentists learn what they need to know about regulations set forth through HIPAA and HITECH.

Through those conversations, you can learn what will and will not work for your business. Even though each company provides the same service, we all have a unique niche and approach. It may be necessary to adapt and create a new approach that works for your individual business. This also is an excellent opportunity for those with CSDS credentials to obtain continuing education credits.

PRISM International offers many opportunities for its members (and nonmembers as well) to learn, network and grow. May 17-20, 2015, PRISM will host its 2015 annual conference at the Hyatt Regency Hill Country Resort and Spa in San Antonio. Attendees can expect innovation clinics and discussions about the present and future state of record management.

If you seek more educational opportunities from different associations or wish to attend other conferences and expand your knowledge, visit www.SDBmagazine.com/CalendarEvents.aspx for more information.

By taking advantage of these educational opportunities and the networking they offer, you can be well on your way to being a compliance expert for your company and your clients.

Gina Lentine, CSDS, is vice president of sales and business development for Assure Shred, Ringoes, New Jersey, and can be contacted at gina@assureshred.com.