Kate and I walked past a mobile shredding truck this morning. It had great graphics on it — a smiling tiger drawing big, sharp claws right past the little glass window where you can see into the truck and view the shredded paper. The tiger looked happy, too: “RAWR I hate documents!” “RAWR I love shredding them with my big sharp tiger claws!”
I noticed a certification badge on the truck that stopped me in my tracks, too: a badge for the National Association for Information Destruction. Let me say that again: the NATIONAL ASSOCIATION FOR INFORMATION DESTRUCTION.
Oh, this is marketing GOLD. If you check their website, you’ll see that this is very much a certification for companies that destroy paper and hard drives — in other words, things. But can you imagine a certification for how you handle sensitive electronic customer data, all through the “cloud” that comprises an operating web system?
Let’s take my p8tch website as an example. I offer a proxy-url service; the patch is like a tinyURL you can wear. You enter the password for the p8tch, then you get to enter the URL where the p8tch goes. In the course of doing this, a lot of data about what you did gets created and stored in various logfiles:
- When you enter the target URL, it is stored in the database (so that the redirect will work).
- Every night, the database is backed up, which means that that URL is now captured in a backup file.
- That backup file is copied to several locations and included in various uber-backups. For instance, if I verify a backup, I copy it to my local MacBook Pro, and now the file might be included in Time Machine backups too.
- When the p8tch is scanned, the date and time of the scan, plus the IP address of the scanner and the destination returned, are saved to the normal website logfile.
- Just like backup files, logfiles proliferate all around.
- All that info is subpoena-able. Five years from now, unless I’m explicitly going around nuking old data, it’s probably find-able in SOME form or other.
So the p8tch website, without explicitly collecting any data in a “marketing-y” kind of way, still generates a lot of long-lived data. People who do the Web for a living accept this as a fact of life. Of course, when you use a service like GMail, much much MUCH more data is collected, stored, and cross-referenced to plenty of other places.
The purpose of an electronic National Association for Information Destruction certification would be to offer assurances that your data-retention policy actually works. For instance, I might promise on the p8tch site that all data is kept for only 30 days, and then it’s destroyed so it can never be subpoena-ed. But it’s the certification that gives some assurance that not only am I, you know, dropping rows from my database, but I’m also doing due diligence to properly scrub logfiles, destroy old backup archives, and properly degauss hard drives when they’re rotated out of service. In each context, the word “destroy” would have an explicit meaning: “when we destroy a backup file, we write garbage data over the sector where it used to live…”, etc. “When we destroy a hard drive, we take off and nuke the site from orbit.”
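Here is a sketch of the kind of check such a certification could ask for, as an added example rather than code from the p8tch site: it sweeps the three places the list above says data ends up (database rows, backup copies, web logfiles) and reports anything older than the 30-day promise. The `redirects` table, the backup paths, and the sample log lines are all constructed for illustration.

```python
import re, sqlite3
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # the 30-day promise from the post
LOG_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

def stale_db_rows(conn, now):
    # Assumes created_at is stored as a UTC ISO-8601 string (hypothetical schema).
    cutoff = (now - RETENTION).isoformat()
    return [r[0] for r in conn.execute(
        "SELECT id FROM redirects WHERE created_at < ? ORDER BY id", (cutoff,))]

def stale_backups(backups, now):
    # backups: (path, mtime) pairs gathered from EVERY place copies are made.
    return sorted(path for path, mtime in backups if now - mtime > RETENTION)

def stale_log_lines(lines, now):
    # Line numbers of common-log-format entries older than the window.
    out = []
    for n, line in enumerate(lines, 1):
        m = LOG_TS.search(line)
        if m and now - datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z") > RETENTION:
            out.append(n)
    return out

def audit(conn, backups, log_lines, now):
    # An empty report in all three stores is what "the policy works" looks like.
    return {"db_rows": stale_db_rows(conn, now),
            "backups": stale_backups(backups, now),
            "log_lines": stale_log_lines(log_lines, now)}

def demo():
    # Constructed sample data: one fresh and one expired item per store.
    utc = timezone.utc
    now = datetime(2024, 6, 30, tzinfo=utc)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE redirects (id INTEGER PRIMARY KEY, url TEXT, created_at TEXT)")
    conn.executemany("INSERT INTO redirects VALUES (?, ?, ?)", [
        (1, "https://example.com/a", "2024-05-01T00:00:00+00:00"),
        (2, "https://example.com/b", "2024-06-20T00:00:00+00:00")])
    backups = [("/backups/db-2024-05-02.sql.gz", datetime(2024, 5, 2, tzinfo=utc)),
               ("/laptop/timemachine/db-2024-05-02.sql.gz", datetime(2024, 5, 2, tzinfo=utc)),
               ("/backups/db-2024-06-29.sql.gz", datetime(2024, 6, 29, tzinfo=utc))]
    logs = ['203.0.113.7 - - [01/May/2024:10:00:00 +0000] "GET /p/abc HTTP/1.1" 302 0',
            '203.0.113.9 - - [25/Jun/2024:10:00:00 +0000] "GET /p/abc HTTP/1.1" 302 0']
    return audit(conn, backups, logs, now)

if __name__ == "__main__":
    print(demo())
```

The expired backup shows up twice because it was copied to a second location, which is the point of the list above: deleting the database row alone leaves every copy behind.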
I think a logo would be fun to come up with, too. You know, like a hard-drive platter getting de-rezzed, basically. I contacted NAID asking if they’d be interested in coming up with a certification program. I know that reputable IT departments already DO this stuff, but from a marketer’s perspective I’m in love with the idea of a National Association for Smashing the Very Electrons that Make Up Your Private Data. Let’s see if they get back to me!