Businesses focusing less on data security training, despite increased risk in 2020: Shred-it report

In-house counsel must take lead role in enforcing data security measures and training

Businesses focusing less on data security training, despite increased risk in 2020: Shred-it report

Employee training in data protection measures has declined in many businesses this year, despite an increased risk of data breaches resulting from remote work, according to a new report by Shred-it.

Shred-it’s 10th anniversary edition 2020 Data Protection Report also found that businesses – and legal departments in particular – still use vast quantities of paper, which signals a need for careful oversight of physical information and its protection.

In-house counsel have a vital role to play in implementing and enforcing data protection policies and training programs, and in ensuring that a robust plan is in place to securely destroy sensitive physical documents, according to Michael Borromeo, vice president of data protection at Stericycle, the provider of Shred-it information security solutions. With COVID-19 forcing many businesses to switch to a remote working environment this year, data protection is more critical than ever, so prioritizing employee training for the protection of data is essential, together with ensuring that employees have the resources and tools they need to safeguard information, Borromeo says.

While many people believe that data protection is the domain of IT and HR departments, it should really be regarded as a shared responsibility, according to Borromeo.

“With privacy frequently falling within the orbit of an organization’s legal department, in-house legal counsel often needs to take a leadership role in ensuring that the right security measures and training programs are in place, and that they are adhered to,” he says. “In-house counsel should lead by example. Are you putting confidential documents in the garbage or blue bin without having them professionally shredded first?…Be an advocate for protecting confidential information. Your organization will be better off because of it.”

Alarmingly, almost a quarter of C-suite executives and more than half of small business owners have no regular training on information security procedures and policies, the report indicates.

“What’s most troubling to see this year is the decline in employee training and policies against the backdrop of diminishing consumer trust and a higher frequency of data breaches,” says Borromeo. “Now, more than ever, organizations need to be taking greater steps to protect their data as a majority of consumers [86%] agree that physical and digital data security is a top priority when choosing who to do business with.” Moreover, only six per cent of C-suites and 14 per cent of small business owners operate in a paperless environment, the report found, indicating a need for stringent policies surrounding disposal of paper documents.

Compliance is another area of responsibility for legal departments, and astute in-house counsel will be closely monitoring expected changes to Canada’s Personal Information and Protection of Information Act.

External threats and physical property loss are the biggest information security threats to Canadian businesses, Shred-it’s report found. Only 41 per cent of organizations have a strictly enforced policy in place for storing and disposing of confidential information when employees work off-site. In fact, 45 per cent of small business owners have no such policy at all. 

Consumer trust is another major concern as 83 per cent of consumers fear that private, personal information about them may be available on the internet, and 66 per cent are concerned that their private, personal information exists somewhere in paper format. Borromeo suggests that businesses can help to ease these consumer concerns by providing transparency on the collection of data, being proactive in taking data protection measures, and being honest in the case of a breach.

“On a day-to-day basis, provide transparency on what data is collected and retained, how it is stored and for how long, and how committed the organization is to protect is,” says Borromeo.

Shred-it commissioned Ipsos to conduct a quantitative online survey of 900 small business owners in Canada with fewer than 100 employees, and 157 C-suite executives in Canada with a minimum of 100 employees. The fieldwork was conducted between February 27 and March 9, 2020.

Recent articles & video

Understanding why Goliaths are so powerful, and knowing how to fight them

Roundup of law firm hires, promotions, departures: June 5, 2023 update

Lawyers laud Australia-UK FTA

From in-house counsel to angel investor, 1Password’s CLO Erin Zipes reflects on building a practice

Mounting threats to gender-based rights a theme at LEAF’s annual Equality Day reception

Ontario Court of Appeal clarifies insurance coverage rule for passengers of stolen vehicles

Most Read Articles

Cassels reimagines office design, replaces ‘old partner’ setup with ‘equality of access’ to daylight

SCC finds company committed abusive tax avoidance in case dealing with general anti-avoidance rule

David Stern’s cold calls launched his career in entertainment and sports law

Roundup of law firm hires, promotions, departures: May 29, 2023 update