Destruction Certifi...

Destruction Certificate: Thought Experiment  


Joanie Valdez, CRA, CIP, IGP
Active Member
Joined: 1 year ago
Posts: 12
30/10/2019 2:42 pm  

I am working on a dream retention scenario…  At least for me. I am working on overhauling a RIM program.  Eventually, it will be incorporated into IG.  However, for now, we are simplifying, consolidating, and big bucketing the retention schedule and policy. 😊

Thought experiment is:

I am running through a thought experiment of eliminating destruction certificates. There is heavy use of destruction certificates at our locals for paper records. In my 10 plus years, I have never been asked to provide one or even an inquiry, or heard of a site being asked, but I am not present during audits, litigations, or any security breaches.

  1. Have you been asked to provide a certificate for litigation, breaches, or audits?
    1. Were you able to provide the certificate?
    2. If not, what were the consequences for not doing so?
    3. What do you see as consequences for eliminating that process for electronic records?
    4. What do you see as consequences for paper records?
  2. Do you see value or ROI in eliminating the certificates for a company

Joanie Valdez, CRA, CIP, IGP
Privacy and Records Management Senior Manager
Univar Solutions

This topic was modified 3 months ago by Joanie Valdez, CRA, CIP, IGP

Joanie Valdez, CRA, CIP, IGP
Privacy and Records Management Senior Manager

New Member
Joined: 6 months ago
Posts: 4
12/11/2019 10:08 am  

I think it would be great to get rid of destruction certificates. I don't see it as feasible, though.

In my experience, it was very, very, very rare for a destruction certificate to be required during litigation. It did happen, though, and it was not only proof of destruction but also showed a pattern of actually having a functioning records management program. That was a point in favor of our agency. 

It was more likely a question would arise during an internal audit, but that was because RM was being considered along with other factors. 

Now, could you do something besides a certificate? Maybe. How about a list? Nothing goes on the list without the records managers approval and that person manages and maintains the list. You end up with the same sort of information, just not an individual piece of signed paper for each destruction. If the list is controlled (e.g. lock down permissions, maintain an audit trail, etc.), I don't see the lack of signature being an insurmountable obstacle.