July 17, 2018
A professional document shredding company uses industrial-grade cross-cutting equipment so that sheets of paper are reduced to confetti-like pieces that are impossible to put back together. While this kind of professional shredding process protects confidential and personal information on paper, do all employees know exactly what documents must be protected this way?
The research on employee negligence suggests not. The 2018 State of the Industry Report on Information Security by Shred-it showed that 84% of C-Suites and 51% of small business owners admit employee negligence is one of their biggest information security risks.
But to keep information safe and sound, it is important to recognize ‘confidential’ and ‘personal’ information.
Personally identifiable information (PII) is information that can be used to identify, locate or contact a person in some way, such as name, address, birth date, phone number, and personal identification numbers. Identity thieves use this data to commit offenses or create new identities, apply for loans or credit cards, file fraudulent tax returns, etc. PII is also sold to marketing firms or companies that specialize in spam campaigns.
This includes data handled by governments, public or private organizations, and other individuals that store and use personal and confidential information of individuals. There are many privacy laws in place at different levels of government and by industry sector. In the financial sector, companies are regulated by the Gramm-Leach-Bliley Act. In health services, confidential health information is protected by the Health Insurance Portability and Accountability Act (HIPAA). One of the newest privacy laws is the EU General Data Protection Regulation (GDPR). Non-compliance with privacy laws can lead to large fines and jail time.
Anything that may pose a risk to a company if a competitor or the general public gets hold of it needs to be protected. This information includes trade secrets, acquisition plans, financial data, and supplier and customer information, as well as executive-level correspondence, contracts, and HR data like medical records, payroll information and performance appraisals.
Data used by an individual or company in banking, billing, and insurance must be protected. It includes credit and debit card information and data that can be used to access accounts or process financial transactions.