Anyone who came of age in the shredding industry during the 1990s and early 2000s remembers how hard it was to convince holders of Personally Identifiable Information (PII) that cutting bigger pieces of paper into smaller pieces of paper was something worth spending money on.
Because of that, shredders couldn’t be just shredders.
They had to become educators.
That education paid off. Armed with brochures and educational material from the National Association for Information Destruction (NAID), shredding company owners were able to educate their customers on the importance of document destruction.
But over the past few years, the world of privacy protection and data security got a lot more complicated, with far more significant consequences for companies that fail to comply with the law.
The number of local, state, federal, and international laws and regulations businesses must comply with exploded. For example, a healthcare startup in Denver no longer has to restrict its data security procedures to just HIPAA compliance. That healthcare startup has to contend with one of the country’s newest and most stringent data-breach reporting laws and the possibility of being fined or sanctioned by more than 20 different regulatory agencies.
And if an organization does business in Europe, compliance with the General Data Protection Regulation (GDPR) is now layered on top of domestic law and regulations.
Simply put, while document destruction is still an important component of privacy protection, data security has become far more than just shredding.
Education is one way to remind your customers that you are more than just a paper shredder. You are a one-stop shop of information, strategies, and tactics that will keep them on the right side of the law and the right side of their own customers, who simply want to be treated with respect and dignity.
(And how do you do that? By following the new Golden Rule of business.)
Businesses and organizations may intuitively understand that there is a cost to criminal or even just sloppy data handling. What they likely don’t know is just how severe the consequences of non-compliance are. If you are a shredding company, your customers need to learn that:
- Between 2010-2018, twenty-two U.S. regulatory agencies levied fines of more than $400M for various data breaches.
- In 2019 alone, data-breach fines are on pace to exceed $700M.
- Most data-breach laws focus on the location of the customer, not the location of the company. In other words, just because your company has one location in Kentucky doesn’t mean the only law you have to worry about is Kentucky law.
- Finally, remaining compliant and mitigating the impact of a breach—just like shredding—is best done by experts who live, breathe, and eat privacy protection and data security.
Many shredding companies have done and continue to do excellent jobs educating their customers on the necessity and benefits of shredding. But by expanding the scope of that education to include the broader world of privacy and data law, shredders become so much more than “just” a shredding company.
At CSR Privacy Solutions, we help shredding companies educate and protect their customers. Our suite of solutions, including The CSR Readiness® Pro, helps small to medium-sized businesses (SMBs) mitigate the risks of a data breach as well as the consequences that stem from improper or illegal handling of sensitive customer information.
We are proud to work with so many shredding companies that believe protecting customer data is a higher calling and was always about more than just turning bigger pieces of paper into smaller pieces of paper.
The world of data security changes constantly. The education shredding companies provided their clients ten, five, or even a year ago is often outdated. The shredding companies that continually educate their customers and provide resources and tools that help protect against the potentially devastating impacts of a data breach become more than just a vendor, and more than just a shredder.
To quote Commissioner Gordon in The Dark Knight, shredders who educate their customers become a guardian and watchful protector.
And they become the hero every organization that handles Personally Identifiable Information is looking for.