Personal employee information is being made easily accessible to thieves, as one third of businesses fail when it comes to document security and the destruction of out of date personal information.
In a survey commissioned by the National Association for Information Destruction (NAID), three in ten organisations were found to be unaware of requirements under the Privacy Act, which order businesses to destroy personal information when it is no longer needed.
Only about half of the businesses surveyed had formal destruction and security policies and 68 percent had no formal destruction training programs.
“I encourage all organisations, big and small, holding personal information to securely destroy that information when it is no longer required in accordance with privacy and other laws,” said Dr Anthony Bendall, acting Vvctorian privacy commissioner.
The survey found smaller businesses are most likely to have a lax approach to information security and destruction, with larger organisations more concerned about fines, loss of customer trust and negative publicity.
NAID Australasian chairman Anthony Tanti said: “The fact there is often a variety of people responsible for document security and destruction could be preventing organisations from having a clear and comprehensive approach to privacy of information.
“The survey found one in five was concerned about the security at outsourced document destruction companies and their employees. As an industry body, NAID always recommends organisations seek out NAID AAA certified document destruction companies, who are regularly audited and require all employees to undergo security checks,” Tanti added.