ITADs and Shredders Note: Conditions Continue to Favor a Data Security Focus

October 23, 2019

The premise of my last blog was that there is a big benefit to developing your revenue model based on data security services (i.e., consistent revenue).

I explained how and why the current downturn in commodity pricing presents a unique opportunity for reposition of your firm as a data-security service, e.g., when commodity prices are low, there are fewer commodity-driven competitors contaminating the marketplace with the wrong message.  I maintained that – because low commodity pricing presents an opportunity to transition to a more consistent revenue model. It’s a good thing (even if it is painful).

But there is another compelling dynamic afoot that also supports this transition to security service-based revenue: the unfolding regulatory environment.

A month ago, I sat on a panel discussing the impact of emerging data protection regulations. It was me and three others who represented the financial, healthcare, and insurance sectors.

While they all said increasing fines, data breach notification, and regulatory scrutiny over the past decade had been dramatic, they also all agreed that those changes were nothing compared to the changes being ushered in the laws like the GDPR and California Consumer Privacy Act (CCPA). They all realized these regulations were just the first of what will be a continuing conveyor belt of state and federal laws that will turn data protection upside down.

What’s Changing?

These new data protection laws differ and these industries are so concerned because 1.) they give complete control of personal information to the data subject, and 2.) The protections and authority they provide their citizens are borderless.

Data controllers (the businesses i-SIGMA members serve) who do business with EU or California citizens must now fulfill requests from data subjects (their customers) regarding their personal information and be given the opportunity to correct it or have it erased.

In a world where data subjects have the right to request and review the specific qualifications and contracts of the data processors that will touch their personal information, it is reasonable to assume data controllers will put extra emphasis on the qualifications of those vendors.

So, Here’s the Picture:

Commodity prices are painfully low, reducing the chatter from the paper recyclers and making the market more receptive to the security message.

Regulatory pressure is about to ratchet up geometrically. So at the same time the chatter from the scrap-oriented provider’s wains, corporate clients will be prompted by regulations to respond to a message stressing security and vendor qualifications.

Where to Start?

First, listen to my recent webinar on the new i-SIGMA Universal Service Provider Contract. It not only covers elements of the new contract, but why they are necessary and how you can modify your messaging.

Second, register for the 2020 NAID & PRISM International Annual Conference & Expo. Besides the usual networking and supplier innovations, the educational sessions will focus on how ITADs and Shredders can succeed in the emerging marketplace.

Written By: Bob Johnson