Why is it so hard to get hard drives destroyed in New Jersey?

naid_njPhysical destruction by shredding or crushing hard drives onsite is a crucial option for many organizations looking for the most efficient means to securely destroy sensitive data stored on hard drives. Shredding and crushing, when the material is then properly recycled, are environmentally safe and effective forms of complete data destruction. These forms of data destruction are widely practiced in the US and internationally, and meet industry certifications and the government standard NIST 800-88.

Many health care, financial, and other organizations with confidential data require onsite destruction in order to mitigate risk and ensure compliance. However, a New Jersey Department of Environmental Protection (DEP) regulation makes this nearly impossible for these organizations in the state because of its restrictions on vendors who perform these services.

The only state to limit the onsite destruction of hard drives in this way, New Jersey requires that an environmental license must be obtained to destroy hard drives, which can cost as much as $20,000 per year. The law is so restrictive that only one provider is currently licensed to perform hard drive destruction services in New Jersey.

The National Association for Information Destruction (NAID) has announced that it will contest this state law. Lifespan President Dag Adamson serves on the NAID board of directors and will be leading the initiative (originally introduced by Guardian Data Destruction, a NAID Certified data destruction provider). According to NAID, the regulation needlessly hinders the data destruction process.

ITAD vendors that hold NAID AAA certification demonstrate that they adhere to the government data destruction standard, NIST 800-88. Moreover, the certification assures organizations that the vendor is securely destroying data, and has been audited for facility security, training and background checks of employees. Other certifications, like e-Stewards and R2, ensure environmental compliance via audits of onsite handling of hazardous waste. Why should a professional data destruction or ITAD vendor be further required to get this additional license?  This regulation only adds extra costs and hassles for the enterprises that need secure, onsite data destruction.  With the increased risks and costs of data breach, companies need options for their data destruction.  Read NAID’s press release.

Read more about risk management and l compliance in our whitepaper Minimizing the Risk of IT Asset Disposition.