June 11, 2012 08:00 ET

Large Businesses May have Document Security on Their Radars, but Both Large and Small Companies Are Not Doing Enough to Protect Confidential Information

Businesses admit they would pay more attention to data security if they were at risk of being fined

TORONTO, ONTARIO--(Marketwire - June 11, 2012) -

Editors Note: There is an infographic associated with this press release.

Consumers entrust their personal information to companies daily without hesitation-from banks to medical centres to law firms. However, research conducted by Ipsos Reid on behalf of Shred-it shows that many organizations, regardless of their size, are not making document security part of their business culture and could be putting themselves and their customers at risk.

Results from the 2012 Shred-it Information Security Tracker show that large businesses seem more inclined than their smaller counterparts to do their homework and toe the line when protecting their confidential information. For example, 95 per cent of large enterprises surveyed are at least somewhat aware of the legal requirements of storing, keeping or disposing of confidential data in their industry, compared to 76 per cent of small businesses. Similarly, 93 per cent of large organizations surveyed have an employee directly responsible for managing data security issues-a stark contrast to the small business response, which indicated that just over half (52 per cent) have an employee to fill this role.

Despite these efforts, businesses admit they could be doing more. Eighty six per cent of large businesses saying they would be more likely to pay greater attention to safeguarding data if the Privacy Commissioner introduced large fines for organizations that failed to adequately protect their data and data related to their customers.

Employees play an important role in safeguarding information, and large businesses are not faring any better than smaller organizations when it comes to employee awareness of information security protocols, even though large business are far more likely to have an existing procedure. While nearly all (92 per cent) large businesses have a document destruction protocol, only 40 per cent of large companies have a system that is strictly adhered to by all employees. Comparatively, 43 per cent of small businesses have a protocol that all employees are aware of, even though only 55 per cent of small organizations have implemented a document destruction policy.

"It's great news that large businesses are educating themselves and taking the steps necessary to protect their business and customer data," says Mike Skidmore, Privacy & Security Officer at Shred-it. "Yet, with the majority of data breaches occurring internally, information security protocols are only as strong as the employees that are adhering to them. Therefore, it is absolutely crucial that companies of all sizes ensure that any procedures or regulations are well-known and strictly followed."

The Security Tracker also demonstrates that even with reports of fraud and identity theft continuing to rise, small businesses are becoming increasingly complacent about the importance of safeguarding confidential records. When the Security Tracker survey was conducted in 2011, 38 per cent of small businesses had no protocol for storing and destroying data, compared to 42 per cent this year. And, while last year 34 per cent of small businesses had no employee responsible for managing data security issues, that figure jumped to 47 per cent in 2012.

Skidmore adds, "In an uncertain and competitive economy, we understand that small businesses need to cut costs to survive. However, by cutting corners and not taking the necessary steps to safeguard their sensitive data, companies are leaving themselves vulnerable to financial ramifications and reputational damage and are putting their customers at risk of scams and theft."

These results may be symptomatic of a lack of both fear of, and experience with, fraudulent activity. Nearly two-thirds (61 per cent) of small businesses said that they do not believe they would be seriously impacted by a data breach, and just 22 per cent of small businesses have been victim to one compared to a whopping 66 per cent of large organizations.

"A data breach can happen anywhere, anytime," says Skidmore. "Relaxed protocols or not having the right resources in place can detract from the culture of security that organizations want to cultivate in order to protect themselves and their clients from fraud.

To help all businesses safeguard their confidential data, Shred-it also recommends taking the following steps:

  • Conduct a security audit to determine the level of data security risk within an organization.
  • Implement a "shred-all policy" and mandate that all unneeded documents be destroyed on a frequent basis.
  • Provide employees with a locked console where they can deposit their unneeded documents prior to disposal.
  • Hire a reliable third-party professional vendor to help ensure compliance with legal requirements and securely and safely destroy all unneeded documents.
  • Ensure that electronic records are protected as well. Simply erasing or degaussing a hard drive or photocopier memory does not remove information completely-physically destroying the hardware is the only way to ensure that data is gone forever.

About Shred-it:

Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients' private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit

About Ipsos Reid:

Ipsos Reid is Canada's market intelligence leader and the country's leading provider of public opinion research. With operations in eight cities, Ipsos Reid employs more than 300 research professionals and support staff in Canada. The company has the biggest network of telephone call centres in Canada, as well as the largest pre-recruited household and on-line panels. Ipsos Reid's Canadian marketing research and public affairs practices are staffed with seasoned research consultants with extensive industry-specific backgrounds, offering the premier suite of research vehicles in Canada-including the Ipsos Trend Report, the leading source of public opinion in the country-all of which provide clients with actionable and relevant information. Ipsos Reid is an Ipsos company, a leading global survey-based market research group. To learn more, visit

About the 2012 Security Tracker:

Ipsos Reid conducted a quantitative online survey of two distinct sample groups: 1001 small business owners in Canada (all of which have fewer than 100 employees), and 100 C-suite executives working for businesses in Canada with a minimum of 100 employees.

Data are unweighted as the sample universe is unknown and statistical margins of error are not applicable for non-probability samples. However, an unweighted probability sample of this size in each country would yield results that are considered accurate to within 3.1 percentage points, 19 times out of 20. The fieldwork was conducted between April 13th and 20th, 2012.

To view the infographic associated with this press release, please visit the following link:

Contact Information


Keyword Cloud

View Website