Trends in Secure Destruction Around the World
February 4, 2016
It’s rarely a good way to start an article, but I would be remiss if I did not begin with a disclaimer. My knowledge of what is happening in the secure destruction marketplace around the world is shaped on my interactions with NAID members located there as well as the number of service providers there concentrating on secure destruction as a standalone business. In fact, the ability for secure destruction to exist as a standalone business with dedicated operators focused on it, as is the case in Canada and the United States, is one of the main milestones in market development. Certainly, there will always be a significant number of destruction service providers operating from broader operational platforms, typically recycling or records managements, but the number and success of the dedicated secure destruction service requires a broad customer population indicative of a well-recognized need. It is the extent to which that consumer market exists which determines for me where that market is in terms of development and opportunity.
Up to now in this series, I have lumped the U.S. and Canada together when addressing market opportunities in North America. That said, it would be a mistake to view Canada being at the same stage of market development as the U.S. even though markets like Toronto and Calgary have known and supported good, well-established, dedicated service providers for decades. In fact, the success of the sector there is largely due to its long history. Outsourced secure destruction services options have simply been there enough that it has grown to a high degree of acceptance. It is that visibility rather than regulation that seems to have led to its popularity. The regulatory environment in Canada is relatively lax. As a result, we still do not see the denser route service models in Canada that we see in the U.S. Given a stronger law or a round of severe penalties and it would catch up quickly. I personally think such escalation is inevitable and so I would say the Canadian market is 5 years behind the U.S. market in demand creation.
Space doesn’t permit an in depth examination of the market conditions in a large number of countries. Even looking at regions of the world I am relegated to generalities.
North Europe is also a well-developed market. That being said, a decades of focusing on recycling, lower incidents of ID fraud, and zero regulatory enforcement have led to stunted demand for secure destruction services. In addition, the aforementioned reasons along with the cost of fuel (historically) and tighter streets, have lowered the adoption of mobile shredding. The United Kingdom is the fastest growing market of demand and expansion in mobile shredding. Germany and the Netherlands has a strong base of service providers, however the majority of demand for most destruction comes from purges leaving much room for development of densely routed weekly service should it arise. Secure destruction in Northern Europe is still primarily provided by companies with major recycling operations and information destruction is an ancillary line of service rather than an exclusive, stand-alone business.
The countries of southern Europe do not yet have a solid customer base, even for purge business. What appeared promising 10 years ago evaporated in tough economic downturn facing the region ever since.
If the proposed European Data Protection Regulations becomes a law, and if it is enforced, demand has room to grow sharply. While the established service providers in the north are positioned to benefit well, the opportunity in Spain and Italy will fall the few there now and the inevitable startups that will result.
Australia and New Zealand
Conditions for secure data destruction to grow in Australia and New Zealand are very promising. Though not many, there are secure data destruction services making a go of it in most major metropolitan areas. Again, there is nothing yet like the densely routed milk-runs in the U.S. but the potential is there. Further, because the firms that are well positioned to capitalize on this future growth are strongly backing NAID Certification standards at an early stage, they may as well have a more stable environment as the industry matures and demand increases to its full potential over the next decade. Certification is quickly becoming a market requisite in the region and it appears this will be the case before the market expansion instead of afterward as it was in the U.S.
Japan is like Europe insofar as decades of heavy emphasis on recycling office paper and an even more pronounced lack of ID fraud have prevented a secure destruction industry from developing. What you have now are recycling companies that view security shredding as minor and almost irrelevant ancillary service. Furthermore, the long history and large network of paper mills in the region have reinforced the recycling alternative as an option. This is only exacerbated by the fact that there is virtually no current demand for routed, routine secure destruction service. Purges are not viewed as a security issue but rather a recycling issue. The Japanese government recently created a national identification scheme and data protection regulations are improving as well. There are many good business people looking to develop the secure destruction service model that has emerged in the U.S. but it will take many years and they must overcome the challenges facing them. I get the impression the good operators will carve out a decent living on decent margins, and while developing the routed service model will be more difficult, they will not contend with the avalanche of competition that results when selling the service gets too easy.
I don’t have a good handle on what is going on in the major metropolitan centers of continental Asia, Africa or South America, or in countries like Mexico and South Africa. They have massive potential client bases, however, not much in the way of a visible secure destruction industry.
I often tend to look at the industry around the world at markets in terms of how long ago the U.S. was at the same point. Japan is where the U.S. was 20 years ago. Australia is where the U.S. was 10 years ago. That’s unfair though because it suggests the evolution will be the same; that it is only a matter of time. That fact is that the U.S. did not have a well-developed recycling ethic. The U.S. did have an ID theft epidemic and as a result, stronger information disposal laws. Just because Japan is where the U.S. was 20 years ago, doesn’t mean it will ever be the same as the U.S. market just like it doesn’t mean it that it could not catch up in 5. There are just too many variables.
Electronic data destruction
A word about electronic information destruction before I close. In many ways the evolution of secure data destruction of electronic information has mirrored the evolution of hard copy destruction. Many of same factors apply – the strength or emphasis of the recycling ethic, the data protection laws, enforcement regimes, and cowboys capitalizing on customer ignorance. There is a big difference, however, in the speed of the marketplace and media evolution. Just in the last 10 years, service providers have seen the move from PCs to laptops to tablets and adapt their business models to fit the changing conditions. They have also had to contend with state funded recycling programs and OEM buyback programs and they have seen the value of memory storage nose dive and customers increasingly preferring destruction to refurbishing.
That being said, the market potential for data destruction of electronic media outside North America is largely untapped and will remain so until data security is better emphasized and enforced in regulations.
Europe, decidedly more environmentally focused than security focused, may see that model turned upside down in the coming years if the Data Protection Regulation becomes law. Still, if producer responsibility remains the focus of Europe’s environmental disposal schemes, it is difficult to see how the data destruction element will be implemented. European data protection officials have been pointing to the counterproductive impact of the WEEE Directive on data security for more than a decade. It remains to be seen how that tug of war will be resolved.
The rest of the world appears to be following the European model at this point in time. All I can say is that given the speed and dexterity of that business, that could change at any time depending on the political and regulatory winds.