A message to consumers about misleading marketing claims

August 22, 2013

By Bob Johnson, NAID CEO

I’d like to think the increasing regulatory liabilities for data protection would make customers less susceptible to misleading or false marketing claims, but the truth is they haven’t.

That’s a frustrating realization, but it is understandable. The fact is that as demand for data protection solutions goes up, competition intensifies. At the same time, customers in need of solutions are looking for reassurances that they have a reliable solution, which makes it difficult for them to detect false or misleading claims. Of course, the irony is that the company capitalizing on the false claims is exactly the type of company to avoid. False or misleading claims are the red flag and, in a backwards way, create a compelling reason for eliminating those firms from consideration.

Here are some of the questionable or false claims found on a recent Internet search:

  • U.S. Department of Defense (DOD) certified
  • National Institute of Standards and Technology (NIST) certified
  • Health Insurance Portability and Accountability Act (HIPAA) certified
  • North American Shredding Association (NASA) certified
  • U.S. Environmental Protection Agency (EPA) certified

Always verify! The safest and most prudent policy is to validate any and all certification claims made by a service provider.

  • Do they really have the certification in the first place? Unfortunately, some providers claim to hold certifications they don’t actually have.
  • Is the certification itself real or meaningful? There is a growing number of certifications with no substance, offered by opportunists looking to capitalize on consumer confusion. It is wise to make sure the certification is offered by a reputable organization with a solid track record. In addition, consumers should make sure the certification requires ongoing audits and unannounced audits. Believe it or not, some vendors simply make up the certification. As I wrote earlier, there is no DOD certification for data destruction, shredding, or electronic destruction operations, and yet you can find such claims on many websites.

Data protection regulations are clear: organizations have a responsibility to ensure their data-related service providers are qualified. Doing so includes making sure the vendor’s certifications are legitimate.