Any company contracting a destruction service should require a signed testimonial, documenting the date that the materials were destroyed. The "certificate of destruction," as it is commonly referred to, is an important legal record of a company’s compliance with a retention schedule. However, it does not transfer to the contractor the responsibility to maintain confidentiality of the information. 

If security is breached and information leaves the recycler’s facility, a court is bound to question the process by which the particular contractor was selected. Any company not showing due diligence in their selection of a contractor, one that is capable of providing requisite security, could be found negligent. But from a practical standpoint, if proprietary or private information is lost or leaked due to the fraud or negligence of a vendor, the obligations of that vendor are irrelevant. The firm whose information falls into the wrong hands stands to lose the most, either from loss of business, prosecution, or unfavorable publicity. 

Since a business cannot transfer its responsibility to maintain confidentiality, it must be certain that it is dealing with a reputable company with superior security procedures. Unfortunately, there are those information destruction services that provide certificates of destruction while having no semblance of security and, in some cases, no destruction process available to them. Anyone interested in contracting a data destruction service is advised to thoroughly review that service provider’s policies and procedures, conduct an initial site audit, and then conduct subsequent unannounced audits.