Tuesday, March 09, 2004

Article: Privacy rules turn shredders on: Document destruction firms see business booming in age of Enron, identity theft

Today's Globe and Mail has an article on the increased used of document destruction in response to identity theft and privacy laws:

Privacy rules turn shredders on: Document destruction firms see business booming in age of Enron, identity theft
By KEITH DAMSELL
TECHNOLOGY REPORTER

For Terry Farrell, contact with his paper shredder has escalated from a casual fling to a torrid relationship.

Every day, the Toronto financial planner's GBC Shred Master hums to life, slicing and dicing sensitive statements and client correspondence.

"I don't keep every statement that I have. Sometimes with transactions I have too many copies and so I shred what I need to. For me, its strictly security and compliance," said the burly 58-year old. His list of about 400 clients ranges from wealthy retirees to frugal school teachers.

That's a big change from five years ago when the machine sat idle most days in his home office.

"When I first got it, I barely used it," he said. "Now, I am absolutely inundated with paperwork. It is never-ending."

Mr. Farrell is on to something. New privacy legislation -- and a liberal dose of corporate paranoia -- has made the paper shredding trade very big business. In the age of Enron and identity theft, conscientious paper management is hot. ...

New Canadian legislation called the Personal Information Protection and Electronic Documents Act, effective Jan. 1, 2004, is driving the desire to mince and chop, industry sources say. The federal act sets ground rules for how the private sector collects, uses and discloses personal information. For shredders, the kicker is in the act's notes on retention: Businesses must "destroy, erase or render anonymous" personal data that are no longer required.

Last summer I wrote on article on PIPEDA and document destruction, which is available from the McInnes Cooper website at http://www.mcinnescooper.com/publications/destruction.pdf.

Information destruction is the one place that businesses fall flat on their faces in the most public of ways. Most privacy incidents are related to not controlling the waste stream. Some time ago, I used to work in a building that also housed an investment firm. Each week, the loading dock was filled with blue bins for recycling. Available for anyone to see (if they were curious) were print-outs of all their accounts, including names of account holders, addresses, balances, recent trades and overall performance. Neeless to say, I'd take my investment business somewhere else.

The best rule of thumb is to shred all paper waste and destroy all magnetic media. Better safe than sorry.

1 comment:

Thomas said...

We have something similar here in the United States, laws such as HIPAA, FACTA, and GLBA make shredders a necessity. It is too costly to chance someone may steal private information. If you are in the United States and have a business you may want to read up on similar laws or face prosecution, if your business is not complying. Check out article to read up on about similar laws for businesses.