October 25, 2022

It’s the Law: Privacy Regulations and Data Breaches

Business leaders balance many responsibilities, including information security and compliance with data protection regulations. According to the Identity Theft Resource Center’s 2021 Annual Data Breach Report, data breaches are at an all-time high, surpassing the previous record set in 2017. Further, Verizon’s breach report notes that last year, physical breaches — including document theft — accounted for 43% of breached assets. An IBM report also finds that the cost of a data breach continues to rise, averaging more than $4 million once potential regulatory actions and fines, legal fees, and the loss of customers are included. Taken together, these studies indicate that a data breach could be crippling for a small business.

While larger businesses may have more resources in the form of tools and staff, small businesses may struggle to understand and comply with the changing regulatory landscape. In fact, the 2022 Shred-it® Data Protection Report (DPR) finds that 58% of the small business leaders (SBLs) surveyed cannot keep track of shifting privacy regulations, and about 25% of SBLs do not understand the laws and how to comply with the rules that apply to them.

We offer resources to help our secure information destruction customers comply with applicable requirements, including:

As stated in the DPR, 94% of the SBLs surveyed seek a trusted partner who can help them adapt to complex and changing regulations. In the current work environment, SBLs report remote work (69%), employee turnover (63%), and supply chain vulnerabilities (60%) as the driving factors of data protection challenges and concerns. Over half of SBLs reported they do not have adequate resources or support to navigate today’s data protection regulations.

With the “Great Reshuffle,” companies have had a swath of new employees working in hybrid and decentralized work environments. Ninety-one percent of small businesses believe physical and digital security are equally important, and the majority (90%) of SBLs feel that it is harder than ever to keep their company’s sensitive data and information safe. Further, two-thirds reported that they have spent more budget on data protection measures this year than ever before. Thus, there has never been a more important time, especially for small businesses, to prioritize data protection.

Trusted partners, like Shred-it®, can help businesses with their physical data security efforts. With the work environment constantly changing and hybrid work remaining prevalent across multiple business sectors, small businesses should strengthen both physical and digital security as employees move between offices and at-home workspaces. Effective solutions can help you ensure that your digital and physical security practices are in line with industry standards.

Learn more about how Shred-it® can play a role in your physical information security efforts.

About the 2022 Data Protection Report

The 2022 Shred-it® Data Protection Report is a survey of 510 small business leaders (e.g., business owners, executives, C-levels, VPs, Director+ levels, or equivalent) who work at or own companies with 15 to 100 employees in the U.S. and Canada across a variety of sectors (e.g., healthcare, finance, professional services, insurance, real estate, etc.). This research uncovered critical information security concerns and challenges with data protection today. The report also investigates perceptions of today’s data protection regulatory landscape and top barriers to compliance, the future outlook, and the demand for external assistance from partners.

Privacy legislation generally refers to laws and regulations that govern the collection, processing, and storage of personal data (also known as Personally Identifiable Information, or PII), and establish individuals’ rights and expectations.

The primary purpose of privacy legislation is to establish individuals’ rights and control over their personal data, and in turn, obligate organizations to provide greater protection over that data.

The GLBA (Gramm-Leach-Bliley Act) is a U.S. federal law that requires financial institutions to safeguard the personal data of their customers.

The GDPR (General Data Protection Regulation) is a legal framework that imposes obligations on organizations that target or collect the personal data of individuals in the European Union (EU).

The CCPA (California Consumer Privacy Act) gives residents of the State of California more control over how their personal data is collected, processed, stored, and shared.