An Ambitious Plan to Redefine Secure Destruction

I have told the story many times. I had traveled half way around the world to make several presentations in Europe. After being introduced to speak to a group of business professionals in Warsaw, Poland, I noticed a hand in the air before I even spoke. As translated, the question was: “With all due respect, was there no one closer than Arizona who could talk to us about shredding?”

Although that happened almost eight years ago, it marked the beginning of the thought process that led to the association’s recently launched NAID ’em campaign. In general, people think of data destruction as the act of shredding or, in the case of IT assets, wiping. Like the lady in Warsaw, they see it as a very simple process, one that certainly does not require an expert.

And, it is not just the layman who thinks this way. Policymakers and security professionals perpetuate the concept that data destruction is nothing more than shredding or wiping. I often have said that I could be completely compliant with many government destruction specifications if I used known criminals and destroyed information on the most crime ridden intersection of town. Their specifications focus simply on the act of destruction, not the attendant processes required for proper secure destruction.

The problem lies in the limited scope of the words we are saddled with. “Shredding” and “wiping” evoke the simple destruction event to the exclusion of employee screening, access control, training, written policies, written procedures, auditing and vendor selection criteria. In the absence of a word that better characterizes the full scope of proper data destruction, we are forced to default to words that, by definition, undermine the need and value of a more thorough and compliant approach.

What word could better encompass the full definition of proper destruction than the unique acronym for the association whose mission it is to define and promote proper data destruction? For many, including service providers and customers, NAID is already synonymous with proper destruction.

And so, the association set out to change the conventional terms that undermine the industry’s inherent value. Somewhere along the way, NAID members and their customers will benefit from this terminology, which better captures the principles of proper data destruction. We no longer just shred documents and wipe drives because that sells NAID members short. We “NAID ’em.”

Bob Johnson is CEO of the National Association for Information Destruction, Phoenix. He can be reached at rjohnson@naidonline.org.