In 2018, the average data breach cost an Australian business $1.99 million.
As well as the financial cost, your business might lose reputation, goodwill and customers and leak valuable information to the competition.
Despite this, many businesses don't take the care they should. A recent Sydney audit found that 11% of commercial rubbish bins contained personal confidential information.
A minimum-wage staff member using a shredder for one hour each week costs your business over $1000 in staff time alone. That doesn't count the cost of buying or maintaining the shredder itself.
Financial, commercial and payroll paperwork is sensitive, so many businesses don't let their casuals and junior staff do the shredding. If a senior team member does it, shredding costs even more.
If your business handles any personal or sensitive information on paper, you need to shred it when you're finished with it.
The Privacy Act 1988 applies to all businesses with an annual turnover of more than $3 million and to some other businesses. Penalties are up to $1.7 million for companies.
Australian Privacy Principle 11 requires businesses covered by the Privacy Act to take reasonable steps to destroy or de-identify personal information when they no longer need it. Throwing paperwork into a garbage or recycling bin is not good enough. It must be shredded or otherwise destroyed first.
As of February 2018, the Notifiable Data Breach scheme requires businesses to report data breaches to customers and the Office of the Australian Information Commissioner.
Protecting privacy is good for business. The Australian Information Commissioner's 2017 survey found that six in ten customers would avoid dealing with a company due to privacy concerns. Even if you're exempt from the Privacy Act, you should protect your customers' privacy. It's good business sense.
Most people consider their health and medical information to be highly sensitive. Privacy concerns about My Health Record are the tip of the iceberg.
Many health businesses aren't doing the right thing. A recent Sydney audit found a quarter of commercial rubbish bins at doctors’ offices contained personal medical information.
The Privacy Act has special provisions for health service providers. If your business provides a health service and holds health information, you're likely to be covered.
And it's not just doctors that are covered. The following are 'health service providers' under the Privacy Act:
The world is going digital, but we're not there yet. The average Australian office worker bins around 10,000 sheets of A4 paper each year.
A 2016 survey found that 74% of Australians prefer reading print on paper rather than on a screen.
According to the Australian Bureau of Statistics, around one million Australians have never accessed the internet. Around one in seven households don't have any internet access at all. Two in five people say they need paper records because they don't have a reliable internet connection.
If you go digital, don't leave your customers behind.
If your business already has a shredder and you can afford the time and cost to run it, make sure you use it properly.