Press Release October 23, 2003 FOR IMMEDIATE RELEASE Phoenix, Arizona – The National Association for Information Destruction (NAID) has given Mount Vernon, IL based DataLock, Inc., “AAA” certification status, making it the first information destruction contractor in the Southern Illinois and Indiana area and only the third in the state of Illinois to be so certified by the industry’s trade association. Certification is attained only when a shredding contractor passes a rigorous, comprehensive audit of employment policies, facility security, financial stability and destruction processes. With growing attention to protecting competitive information and increasing awareness of consumers regarding privacy, the demand for information destruction services has grown substantially over the last 5 years. As the demand has grown, so have the number of companies offering the service. NAID estimates that there are over 500 firms nationally in the business of destroying discarded documents. “There are many companies offering information destruction services and that number grows constantly. The reality is that the security and stability of these companies varies considerably,” according to Robert Johnson, Executive Director of NAID. “There are some firms that have less than acceptable security. In a few instances, we have even discovered companies that misrepresent their capabilities,” he adds. NAID is the 9-year-old, non-profit trade association of the information destruction industry. It has approximately 325 members throughout the U.S., with about a dozen from outside the country. The security specifications required to achieve certification were established by the association to set standards in the otherwise unregulated industry. Growing Concerns The FBI estimates that U.S. businesses lost $24 billion last year as a result of information falling into the hands of competitors. Earlier this year, Cincinnati-based, consumer products giant, Proctor & Gamble admitted to conducting a 6-month campaign of raiding the dumpsters of hair-care rival Unilever. The dumpster diving took place outside Unilever’s Chicago headquarters. A competitive intelligence detective interviewed during the investigation said he had “raided” over 2500 dumpsters during his career to gather information for various clients. Widely publicized incidents such as this raise the concerns of all businesses about casually discarding any sensitive information. Besides protecting against actual “dumpster diving”, there is another reason for caution when discarding documents. Johnson explains, “Most companies don’t realize that without properly destroying discarded documents, including the careful selection of the vendor to provide destruction services, they risk losing any claim to trade secret protections. They also potentially render non- competition contracts unenforceable.” He continued, “The information doesn’t even have to fall into the hands of competitors. Simply by not having the procedures in place to safeguard the information, a company puts itself in jeopardy of losing its claims of ownership.” Recent legislation has also resulted in an increased demand for destruction services. This legislation is largely a reaction to the exponential growth of identity theft and other forms of information- based fraud. Often it turns out that the information used to commit the fraud was obtained from casually discarded documents containing personal data. The Health Information Portability and Accountability Act (HIPAA) is the biggest thing to hit the medical field since Y2K, some say bigger. By April of 2003, every medical institution, big or small, must have a program in place to protect patient information at every point. The disposal of information is a very big concern and facilities across the country are rushing to meet compliance. The Gramm-Leach-Bliley Act (GLB), enacted by the Federal government, went into effect in July of this year. The law mandates that all financial institutions establish procedures for protecting personal information, including the protection of discarded information. Wisconsin and Georgia have recently enacted legislation, forcing all businesses to shred any discarded documents that contain personal information. Other states are considering similar laws. Reassuring Clients “We knew that potential clients for our shredding services were confused and concerned. They were trying to be conscientious, but they didn’t know what questions to ask. They essentially ended up taking a leap of faith when selecting their shredding contractor,” says Mary Burgan, DataLock’s founder and president. “What was more troubling, we found a few companies taking advantage of the situation by misrepresenting their security,” she added. “Certification takes the guess work out of it for the customer.” To achieve certification, DataLock was audited on 16 key aspects of its processes, stability, policies and procedures. Highly regarded Pinkerton Investigative Services, Inc. is contracted to perform the audits on behalf of NAID. DataLock will be audited on an annual basis to maintain its certification status.