This post was written by the National Association of Information Destruction (NAID)

To organizations using data-related service providers

Using outside services for data destruction, records storage, media rotation, and many other data-related services has grown so popular because they can do it more securely and more economically than organizations can do it for themselves.

However, as the financial and regulatory compliance liabilities around data protection increase, customers have come to realize that they are inescapably responsible in the unlikely event a data breach or other loss is caused by those vendors – no matter how it happened. Let’s face it when 47 states have data breach notification laws and with HIPAA now requiring data breach notification across the country for breaches involving healthcare information, customers have the right to be concerned. Fines for improper data disposal and expenses for data breach notification over the last few years are in the tens of millions of dollars and continually increasing.

That‘s why it‘s common for customers to insist that data-related service providers reasonably indemnify them from any harmful financial consequences they cause. Unfortunately, many of the professional liability products on the market do not adequately address the risks.

So, how then do customers really know they are protected when they usually never even see the policy, and if they do see it, they need a lawyer to decipher the language? The best solution is to require a specific policy developed by organizations worth trusting.

When NAID first learned that many policies contained loopholes that rendered them useless, it started what turned out to be a 4-year project to put together a product that would provide real protections to it members.

Downstream is not available to just any service provider. National Association of Information Destruction also had another goal when helping to create Downstream; to help lower the cost of dependable coverage to its members. To do that, only service providers subject to the security specifications and audits (both announced and surprise) of the NAID AAA Certification process are eligible for Downstream Data Coverage.

So, by insisting that your service provider has Downstream Data Coverage, you are not only assured they have dependable professional liability coverage, backed by NAID’s reputation and the resources and integrity of Lloyd’s – you are also assured by their NAID AAA Certification that you are dealing with a service provider whose operations are intensely audited