Shred America adds data protection officer

Shred America LLC, Fort Mill, South Carolina, has announced that it has retained Privata Vox LLC of Phoenix to fulfill its data protection officer (DPO) obligation. Bob Johnson, the former founder and CEO of the National Association for Information Destruction (NAID) and the architect of globally recognized NAID AAA Certification, is the founder and principal advocate at Privata Vox.

Ryan Richard, Shred America founder and CEO, says retaining Privata Vox exemplifies the company’s ongoing commitment to aggressive regulatory compliance and to superior client service.

“With Privata Vox as our company’s DPO, not only do we better address our clients’ compliance requirements, but we are also held to a higher level of scrutiny and have immediate, real-time access to one of the most highly regarded data protection and privacy experts in the world. As always, we felt that our clients deserved the best,” he says.

“Every data protection regulation either expressly or implicitly mandates that data processors designate a qualified professional to be responsible for regulatory compliance,” Johnson says. “The same can be said for NAID AAA Certification, ISO [International Standards Organization] 27001, SOC [System and Organizational Controls] I & II, R2v3, ADISA [Asset Disposal and Information Security Alliance] Certification and the PCI [Payment Card Industry] Data Security Standards. Many service providers appoint an employee with little expertise or accountability. Others ignore the obligation altogether. The fact that Shred America is taking this responsibility so seriously reflects their continued dedication to industry leadership and I am proud to be associated with them.”

The concept of outsourcing the DPO role dates to the EU Data Protection Directive in the 1990s, Shred America says in the news release announcing the appointment. The fiduciary role has, however, gained significantly more importance after becoming an enforced requirement of the General Data Protection Regulation (GDPR). Because of the GDPR’s borderless aspect, it is incumbent on data controllers in the U.S. doing business in the EU to verify their data processors have the required DPO. More recently, 10 U.S. states have enacted GDPR-like regulations, with an equal number preparing to do the same.

As Shred America’s DPO, Privata Vox will assist with its compliance with relevant regulations and with Shred America’s own policies, raise executive awareness and train staff involved in direct processing operations. Privata Vox also will assist with subcontracting due diligence and interface with authorities and clients on regulatory and standards requirements.

Ray Barry, a partner in Shred America, says he believes the relationship with Privata Vox goes beyond regulatory compliance.

“Once we realized where the regulations were going and what was needed, our decision to retain Privata Vox boiled down to what was best for our clients,” he says. “Given Bob Johnson’s unequaled pedigree and acumen, both our team and our clients have access to one of the world most recognized information destruction authorities.”