Shred event liabilities are worth considering
May 9, 2013
In Tuesday’s NAIDnotes post, I tried to delineate the evolution, relative merits and divergent perspectives on shred day events. Today, I’d like to delve into the liabilities related to such event, some of which are often overlooked.
As long as this blog is, it provides only a summary perspective on liabilities associated with shred days. I am sure some will see this post as intended to discourage such events. That is not necessarily so. It is designed to make members think about issues they may overlook. But it is also my way of saying, “Look, if you are going to offer these events, conduct them as a professional.” That means you are aware of the liabilities of all parties to the event and that you do what you can to limit them.
Of course, the nature and extend of the liabilities of shred days or e-scrap take-back programs are varied and dependent upon the circumstances of the event. Those liabilities, whatever the circumstances, fall into two basic categories: liabilities related to the fiduciary responsibility inherent in handing others’ personal information and liabilities related to holding an event in a public, uncontrolled environment. In the latter case, the event-oriented liabilities revolve around crowd/traffic control and personal injury. What if cars back up into the street and an accident results? It could be argued that someone should have anticipated this and arranged for traffic control by the local police. And, further, the failure to do so caused the accident. We all know the ambulance chaser is going to name everyone who is a party to the event. While it would have been prudent to establish responsibility for such issues in a contract with the property owner and event sponsor, that contact is not going to keep your company’s name out of the lawsuit. That said, I do not get the sense that secure destruction services offering these event are executing the advisable contracts and indemnification protections required.
The only intimate involvement NAID ever had with shred day events was a decade ago when we coordinated a national event in partnership with OfficeMax. NAID held itself to a relatively high standard of protection for that event, including an elaborate contract between NAID and OfficeMax. Separately, NAID and OfficeMax had contracts with each property manager/property owner of the hundreds of shopping centers involved. NAID also obtained releases from every member participating, which included a requirement that NAID and OfficeMax be named “additionally insured” on a certificate of insurance issued by the member’s general liability insurer. Also, NAID required members participating in the event to use a specific receipt with each person delivering material for destruction, which held the member and all other event sponsors harmless from the general liability issues as well as the data-related liabilities.
That brings us to the second major category of liability: unclear and/or unspecified acceptance of fiduciary responsibility and transfer of custody. No one should ever consider taking boxes of records from a paying B2B client with no paperwork, no clear transfer of custody and no clear acceptance of fiduciary responsibility. It would be legally untenable, borderline negligent and demonstrate a flagrant disregard for regulatory requirements. Unfortunately, it appears to me that many shred events operate that way, as do most electronic take-back programs. Ok, these are not businesses. And, I understand they are not paying for it. Still, it so far out of line with the proper way of accepting regulated personal data, it is hard to defend that approach.
A better approach is to create signage and a document that establishes liability limits, harmless agreements, and responsibilities. Further, such agreement should have language stating the participant understands and accepts there is no way for the service provider or the participant to establish what was or was not in the materials that were destroyed, and that being the case, any right to claim to an item was not properly destroyed would be baseless, unreasonable and, therefore, is forfeit. Also, acceptance of materials at a shred event does not fall within the requirements of NAID Certification, meaning NAID Certified members involved in such events are require to post notice or provide disclaimers to participants stating that the service provided is not NAID Certified.