Haas has been a member of NAID’s board of directors since 2014 and served as president-elect in 2016.
He formerly worked in various roles with The Newark Group, an integrated producer of 100 percent recycled paperboard and paperboard products, before buying ARMS from his uncle in 2008. In the time since, he has expanded the suite of information management services the company provides to include information management consultations, off-site media and records storage, e-backup, email archiving, network storage, data protection, media rotation, media and data vaulting, document imaging, on-site shredding, scan-on-demand imaging and disaster recovery planning.
In his role as NAID president, Haas says he took office with the intention of continuing the association’s momentum. “Service providers,
Haas says he also plans to embrace the efforts of Don Adriaansen of Titan Mobile Shredding, Doylestown, Pennsylvania, who served as the association’s president from March of 2016 until Haas took the mantle this year. He says Adriaansen sought to prepare NAID for the next decade by ensuring its long-term health and relevance.
“On a more granular level, one specific area of my focus is to further establish NAID AAA certification as an international security standard for the industry,” he says. “It is already far and away the most recognized operations and regulatory practices certification in the data disposition arena, making it our industry’s best hope for a uniform, reasonable global standard. I am excited by the increasing uptake of NAID certification in areas like Australia and Japan and its increasing recognition as a data security standard in the IT (information technology) asset disposal space.”
In the following Q&A, Haas shares his plans for NAID during the rest of his term and provides updates on various association initiatives.
Recycling Today (RT): What NAID initiatives are you most excited about?
Eric Haas (EH): As many of your readers already know, the General Data Protection Regulation (GDPR) goes into effect in Europe next year. When that happens, it will become the most aggressive data security regulation in the world. Not only are the requirements significantly more demanding and prescriptive, fines will be dramatically increased and breach notifications go into effect. We are excited by the fact that, unlike any other data protection regime, it includes a requirement for customers to be able to demonstrate compliance, and it has the expressed intention of acknowledging legitimate vendor certifications.
This is all music to the ears of reputable service providers and a great opportunity for NAID to help them. The association has already committed serious resources to a range of initiatives, including sample contracts and education to prepare members there, and has further committed to exploring all opportunities to help members and their customers with compliance.
The association has also recently published the first-ever textbook on the secure disposition of records, media and IT assets, Information Disposition: A Practical Guide to the Secure, Compliant Disposal of Records,
RT: Does NAID have any plans related to its certification or accreditation programs in the year ahead?
EH: As mentioned previously, aligning NAID AAA certification with the new GDPR and being an officially recognized EU Data Protection Authority is one of our immediate goals. Additionally, [in June] NAID introduced product destruction endorsement to the program. NAID is also integrating solid state device (SSD) erasure into the certification program for electronic overwriting operations in the first quarter of 2018, which is an important direction electronic information storage is evolving in.RT: How has the Information Disposition textbook been received?
EH: The Information Disposition textbook has already sold several hundred copies of the first printing in just the short time since it was released earlier this spring. NAID members have been eager to acquire a copy as they are vested in having a deep knowledge bank regarding this industry and want to ensure their customers have a clear understanding of compliance regulations as well. We have also sold a number of copies through the ARMA International (the Overland Park,
RT: How has Shred School evolved since NAID purchased rights to the name from Total Training Services in 2012?
EH: The biggest change to Shred School under NAID ownership came in the first year. Under Total Training Services, Shred School was held in the hometown of Ray Barry, Spartanburg, South Carolina, and focused primarily on getting people ready to enter the business.
We are proud to say that Ray continues to be a big part of Shred School, which means sales and marketing are still a huge part of it. However, when NAID acquired it, we took this education on the road and dramatically lowered the price to make it more accessible to our members’ employees. We also expanded the curriculum to include topics like regulatory issues and digital marketing. Adding NAID CEO Bob Johnson deepened the bench. In the four years since, hundreds of industry professionals have attended Shred School, most of whom would not have been given the opportunity for other industry-specific training.
RT: What do you feel will be the biggest challenge for the information destruction industry in the year ahead?
EH: Industry challenges vary throughout the globe. In North America, consolidation and increased scrutiny of vendor qualifications are both major trends that represent both a challenge as well as an opportunity.
In Europe, the industry is focused on the new GDPR; so, that is NAID’s focus too—particularly the alignment and recognition for NAID AAA certification.
In Australia and New Zealand, though they have smaller markets, they face challenges that look very much like North America did 10 years ago.
Throughout parts of Asia and South
RT: How can NAID help its members address these challenges?
EH: NAID helps members address challenges in several ways.
As the consequences for failing to protect information continue to increase, both customers and service providers need legitimate mechanisms to demonstrate they are doing things correctly. The fact is customers generally do not know how to do that, and there is unfortunately still no shortage of marginal service providers willing to mislead these new customers. All of this means that NAID has a role to play. Everything NAID does is focused on creating the tools, such as certification, Downstream Data
Moreover, NAID helps its members by creating awareness and by advocating
RT: How do you envision the regulatory landscape related to information protection changing over the next five to 10 years?
EH: In North America, I don’t envision any dramatic changes in the laws themselves as they apply to information protection; however, we do believe we’ll continue to see higher fines as a result of continued breaches.
On the other hand, we also see trends that indicate consumers and shareholders will be less tolerant of lax data security. Ironically, that could have a bigger impact than regulations or fines, since it affects both stock value and consumer confidence.
As for the rest of the world, which in many cases is just catching up with the U.S., we see considerable regulatory changes coming over the next decade.
RT: What do you find to be the most challenging aspect of being involved with the NAID board? The most rewarding?
EH: The fact that there are 15 people serving on the NAID board of directors means that it represents a good cross-section of the membership. It also means that a lot of perspectives have to be taken into account when building a consensus, and that can be a challenge. Most board members run their business as they see fit. We are used to being in charge, calling the shots. When it comes to an association though, it is not that way. Luckily, reasonable people generally get around to reasonable conclusions even if it is not a straight line. We have some great dialogues. It can be a challenge to come to a resolution at times, but when we do, I always walk away with a confidence that we have come to the right conclusion.
When it comes to the most rewarding aspect of serving on the NAID board of directors, I would have to say it is meeting and hearing from members who are growing their businesses by using the tools and programs the association offers—things like NAID certification, Downstream Data Coverage, the annual conference, the Compliance Toolkit and Shred School. The networking is rewarding too. Even if we disagree once in a while, I can still honestly say lasting friendships have come out of service on the board.