Protection of Privacy a Business Issue
By Bailey Jung
Businesses are ignoring privacy laws.
A recent federal privacy study shows that the majority of businesses get a failing grade for ignoring privacy laws. According to the survey, conducted for the federal privacy commission, about two-thirds of business employees have little or no training on how to handle the personal information of their customers. Despite widespread media attention given to the rise in identity theft and privacy breach incidents, most business owners and accountants running their own practice simply don’t give enough attention to privacy compliance and the protection of personal information in their care. On any given day in most offices, information that should be shredded can be found in either the trash or recycling bin. A lack of employee training and the limitations of using office shredders can be attributed to this problem.
With most in-house shredding programs, where a business purchases an office shredder and relies on its staff to shred sensitive, confidential or personal information, one of four possible decisions is typically made by the employee in terms of how a particular document is handled. He or she can 1) file it; 2) toss it in the trash; 3) throw it in the recycling bin; or 4) shred it. The problem is that it is not always clear whether or not a particular document contains sensitive, confidential or personal information.
Draft and working copies of documents such as a T1 Personal Income Tax Return should obviously be shredded. T4 slips and other types of similar information slips containing SIN numbers are also fairly obvious. What is less obvious and not as clear to most untrained employees are things such as printed copies of e-mails, faxes and letters to clients and other seemingly harmless pieces of information. It is often with these “grey” areas where trouble starts. Few people that use office shredders enjoy the mundane and time consuming process of feeding a few sheets of paper at a time into these machines. Having to remove staples and dealing with paper jams add to the frustration.
Because office shredders are not designed to handle and withstand the volume of paper generated in even a typical small office, they break down sooner or later. What happens next is fairly common with in-house shredding programs. Documents destined for shredding will start to pile up. By the time the shredder has been repaired or replaced, a large pile of documents that needs to be shredded has accumulated. Now the job of shredding everything that has accumulated becomes an overwhelming task.
With many employees already overworked, shortcuts will be taken and inevitably some of the documents will somehow end up in the recycling bin instead of being shredded. At this point, sensitive, confidential, or personal information could be compromised and should any of that information fall into the wrong hands, the business owner has a potential serious problem to deal with.
Professional advisors such as accountants enjoy a high trust relationship with their clients. Not only do clients trust their accountants with highly personal information, but they also trust their accountants to ensure that such information is properly protected at all times. Protection of personal information means safeguarding that information while it is in their care and custody. It also means properly destroying that information when the situation calls for it.
Business owners that want to build trust, goodwill, and strengthen their customer relationships, need to view information destruction not only as a compliance issue but as an important business issue. Proper privacy training of all employees who come into contact with personal information is a good place to start.
Bailey Jung is the President and owner of Silver Bullet Shredding, an independent and locally owned document destruction firm. The company provides secure, document shredding services to small- and medium-size businesses in the Lower Mainland.