In 2016, the average data breach cost an Australian business $2.64 million.
As well as the financial cost, your business might lose reputation, goodwill and customers and leak valuable information to the competition.
You might also breach the Privacy Act.
Despite this, many businesses don't take the care they should. A recent Sydney audit found that 11% of commercial rubbish bins contained personal confidential information.
A minimum wage staff member using a shredder for one hour each week costs your business over $1000 in staff time alone. That doesn't count the cost of buying or maintaining the shredder itself.
Financial, commercial and payroll paperwork is sensitive, so many businesses don't let their casuals and junior staff do the shredding. If a senior team member does it, it costs even more.
If your business handles any personal or sensitive information on paper, you need to shred it.
The Privacy Act 1988 applies to all businesses with an annual turnover of more than $3 million and to some other businesses. Penalties are up to $1.7 million for companies.
Australian Privacy Principle 11 requires businesses covered by the Privacy Act to take reasonable steps to destroy or de-identify personal information when they no longer need it. Throwing paperwork into a garbage or recycling bin is not good enough. It must be shredded or otherwise destroyed first.
From February 2018, the Notifiable Data Breach scheme will require businesses to report data breaches to customers who are affected, as well as to the Office of the Australian Information Commissioner.
Protecting privacy is good for business. The Australian Information Commissioner's 2017 survey found that six in ten customers would avoid dealing with a company due to privacy concerns. This means that even if the Privacy Act doesn't apply to your business, you should take steps to protect customer privacy.
Most people consider their health and medical information to be highly sensitive. Eight in ten Australians trust their health service providers.
But data shows many aren't trustworthy. A recent Sydney audit found a quarter of commercial rubbish bins at doctors’ offices contained personal medical information.
The Privacy Act has special provisions for health service providers. If your business provides a health service and holds health information, you're likely to be covered.
And it's not just doctors that are covered. The following are 'health service providers' under the Privacy Act:
The world is going digital, but we're not there yet. The average Australian office worker uses around 10,000 sheets of A4 paper each year.
A 2016 survey found that 74% of Australians prefer reading print on paper rather than on a screen.
According to the Australian Bureau of Statistics, around one million Australians have never accessed the internet. Around one in seven households don't have any internet access at all. Two in five people say they need paper records because they don't have a reliable internet connection.
If you go digital, don't leave your customers behind.
If your business already has a shredder and you can afford the time to run it, make sure you use it properly.