June 16, 2011 09:06 ET

Canadian Businesses Are Not Prepared for the Repercussions of a Security Breach

Inaugural Shred-it Information Security Tracker Shows That 47 Per Cent of Canadian Businesses Do Not Believe That Their Business Would Be Seriously Impacted by a Security Breach

TORONTO, ONTARIO--(Marketwire - June 16, 2011) -

Editors Note: There are two photos associated with this Press Release.

Results from, Shred-it's first independent Information Security Tracker survey, include:

  • Almost half (47 per cent) of Canadian businesses surveyed believed that their business would not be seriously impacted in the event that data from the company was lost or stolen.
  • Canadians are less aware of the legal requirements of storing, keeping or disposing of confidential data in their specific industry, as compared to the U.S. and the UK (28 per cent of Canadians are not aware, versus 21 per cent and 16 per cent in the U.S. and the UK respectively).
  • An alarming 38 per cent of Canadian businesses surveyed do not have a protocol for storing and disposing of confidential data and 38 per cent of respondents claimed they only train staff on information-security procedures or protocols on an ad-hoc/as-needed basis.
  • More than half (56 per cent) of the Canadian businesses surveyed do not offer secure document security facilities at their organization, for example a locked console where staff can dispose of documents and cannot be accessed once deposited.
  • Protecting and safeguarding customer details was rated the number one priority for businesses, with employee information coming in second and general business information coming in as the third priority when it comes to the most important information to protect for an organization.

An independent survey conducted on behalf of Shred-it, a world-leading information security company providing document destruction services, reveals that 47 per cent of Canadian small businesses are not worried about the potential implications of a security breach. Furthermore, it appears Canadian small business operators are less aware of their legal obligation to store, keep or destroy sensitive information, compared to their counterparts in the US and UK.

The Shred-it Information Security Tracker, a third-party survey conducted by Ipsos Reid and commissioned by Shred-it across Canada, the U.S. and the U.K. indicates that almost half of Canadian businesses surveyed believed that their business would not be seriously impacted in the event that data from the company was lost or stolen. The results from the Tracker signal a lack of understanding around the consequences of a potential security or data breach to an organization.

Although 77 per cent of respondents from Canada reported that keeping business information secure was very important, there is an obvious disconnect between wanting to keep confidential information secure, and implementing the policies and procedures necessary to maintain information security and fraud prevention awareness from within organizations.

"The results from our Information Security Tracker show that while organizations may be aware of the legal requirements for destroying documents, many do not implement the systems needed to prevent a data security breach," says Michael Collins, Vice President, Sales, Shred-it Canada. "The failure to recognize the potential financial loss and reputational damage, not to mention consequences for their customers or employees, such as stolen identity or fraud resulting from leaked data, is extremely concerning. At Shred-it, we act as a partner in helping organizations protect the integrity of their information to offer not only solutions but also recommendations for organizations on how to minimize the risk of fraud."

While over half (52 per cent) of all Canadian businesses surveyed reported that a staff member at management or board level is specifically responsible for data security issues, indicating that information security is recognized as an important issue, one third of organizations (33 per cent) have no designated staff member responsible for information security.

"Ensuring that data security is taken seriously at every level within a business is vital to minimizing the risk of exposure that could lead to a data breach," adds Collins. "Safeguarding data need not be an onerous task and there are simple steps any organization of any size can take to minimize its risk factor – from securely shredding confidential data to limiting access to sensitive files. By taking such steps and regularly reviewing security policies, organizations can protect themselves from the significant long term impact of a data breach."

Shred-it's tips for safeguarding business information

  • Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
  • Eliminate any potential risks by introducing a "shred-all" policy, when all unneeded documents are fully destroyed on a regular basis.
  • Conduct a periodic information security audit.
  • Don't overlook hard drives on computers or photocopiers - Erasing your hard drive does not mean that the data is gone. Physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives.
  • Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements etc.

About Shred-it

Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients' private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit

To view a visual comparison of US and Canadian data from 2011 associated with this release, please visit the following link:

To view the shredder image associated with this release, please visit the following link:

Contact Information