Be Confident Your Documents Were Destroyed With a Certificate of Destruction
A certificate of destruction (COD) is a document that serves as a receipt for documents, hard drives, or other electronic media that have been destroyed. In addition to containing important details about the destroyed materials, a COD is a confirmation that your items have been securely eliminated and your service provider is compliant with privacy laws. Let’s learn more about why certificates of destruction are so vital!
When is a certificate of destruction needed?
A COD is necessary if your business deals with documents or records that contain confidential information. Depending on your business, your industry, and the type of information accessed or stored, there may be multiple privacy regulations that must be adhered to. In general, the following types of information are considered confidential and should be securely destroyed:
- Financial details
- Personally identifiable information (PII), including Social Security number, birth date, and marital status
- Any information protected by privacy laws, such as the California Consumer Privacy Act
- Sources of revenue
- Expenditures and losses
- Key business processes or operations
- Inventory details
It doesn’t matter if the information in question pertains to companies or individuals, or clients, customers, or employees. In fact, when it comes to employees, there is even more data that should be kept confidential. Beyond basic administrative details, such as timesheets, direct deposit forms, and pay rates, any of the following should be securely stored and eventually disposed of:
- Employment information (such as contracts, pay rates, and benefits)
- Job performance data (like performance reviews and warnings)
- Termination details (including termination records and unemployment insurance claims)
In order for your company to ensure its compliance with privacy and security laws, a certificate of destruction should be received and filed every time your records and digital media are shredded. This COD, which shows that you have taken the proper steps to safely destroy confidential information, is useful in case of an audit.
What does a certificate of destruction contain?
Certificates of destruction should thoroughly document the service received. They generally include:
- Client information (name and contact information);
- Service provider information (name and contact information);
- Order number;
- Date of service;
- Details about the scope of work, type of service received, and method of destruction; and
- A signature of the service provider’s staff.
In short, a valid COD should contain any and all relevant details regarding the service you received in order to satisfy regulatory or audit requirements.
How do you receive a certificate of destruction?
A shredding company that is focused on compliance and privacy will issue certificates of destruction as a statement of the services that you have received. It’s important to know that CODs are self-issued — no outside third party issues them. Even if a shredding company supplies you with a COD after service, that doesn’t necessarily mean that they hold any type of certification (like NAID AAA Certification) or that their security practices have been audited.
Avoid data breaches
Businesses have a legal and ethical duty to securely destroy confidential information about the company, its clients or customers, and its employees. Ensure that you don’t have any loose ends when it comes to security and avoid an embarrassing (and potentially expensive!) data breach. Choose a reliable and trustworthy company that issues certificates of destruction and holds NAID AAA Certification — DataSafe!
We’ve been the go-to shredding company in the Pacific Northwest for 35 years. From shredding paper to destroying hard drives (and whether shredding one box or a warehouse full of boxes!), DataSafe makes sure that your private information stays private. Plus, your personal safety is of the utmost importance to us. Read our COVID-19 Safety Procedures.