Skip Navigation
 
 

NAIDnotes

Bookmark and ShareTuesday November 13, 2012

In-house destruction puts the fox in charge of the hen house

By Bob Johnson, NAID CEO

Most NAID members know that I was in the secure destruction business for 14 years prior to founding NAID. While the marketplace has changed immensely in the 19 years since, my time in the trenches when the industry was very young showed me the value of outsourcing.

For instance, in 1986, I did a sales call at the labor relations department of one of the Big Three automakers in Detroit, Mich. Labor relations is obviously a huge issue for automakers since its main purpose is negotiating with the labor unions. Not only are they responsible for negotiating the main contracts, they are also involved in settling hundreds of disputes every year. This particular department was not housed in the company’s headquarters. I do not know if that was by design or for space reasons. Of course, I was also calling on the automaker’s headquarters, which was currently destroying about four tons of paper a day in house. 

On the sales call with the labor relations department representatives, I faced an uphill battle. They were getting the destruction provided by the headquarters for free. Unlike other companies, there was not an internal charge-back system in place.

The meeting was almost over when it occurred to me they might want to rethink their program.

You see, in my pursuit of the headquarters, I was informed that in order for my company to provide services, I would have to employ union workers. Per their contract, every non-management position at the headquarters was unionized. It turned out that the labor relations department had been sending their discarded paperwork to the union workers in the basement of the headquarters for more than a decade. When I raised this point in the meeting, my contact turned white, picked up the phone, and stopped the procedure on the spot. We got the business.

As I said, this is a dramatic and acute example of a situation where employees should not have been involved in the destruction process. As a result, it was easier for them to see the practice was insane. Most organizations that still have in-house destruction programs have similar issues. Although the issues may not be as clear cut as with the automaker, in general, employees are not the most qualified. 

Think about it. Employees have a working knowledge of the company and are in an excellent position to comprehend the information they are destroying. When it comes to personnel issues (e.g., salaries, health or disciplinary issues), the employees might know the people involved or gossip about the information. 

Outsourcing information destruction services has long established itself as a more efficient and convenient alternative. Not too many customers realize that by taking employees out of the equation, outsourcing is more secure.

Comments: 1 | Reply

   Rick Metz    November 14, 2012 11:02 am | Reply | 0 Agree | Flag Abusive

I agree with your points - most businesses don't see the risk of their method until it is viewed from an outsiders point of view. I tried for several years to convince a local manufacturer about the risks of shredding in-house and then giving the shreds to local farmers. That system worked great for them until a bag fell from the farmers pick-up truck and split open on the highway. It exposed hundreds of employees records, including SS numbers, in strip-cut, easy-to-reconstruct pieces. It was an amazing coincidence that I traveled up the same highway just moments after this occurred. To make a long story short, they are now very satisfied customers.

I also met with a college who uses students to shred other student financial and academic records as a work study program. They house the shredder under a stairwell to reduce the noise and the students work alone as they hand feed the sheets into the shredder. The shreds are bagged and thrown into a dumpster. Unfortunately, they decided that offering this chance at an on-campus job was more important than the security of outsourcing. The best thing we can do is continue to educate about the risks of inadequate data protection.

Return to Current Blog