Essential Document Shredding Guidelines for the Financial Services Industry

Financial planning and management can be a source of stress for many consumers. The counsel that financial professionals provide doesn’t simply affect a person’s finances but also their ability to buy a home, start a business, or make other important life decisions. That is why the relationship between finance professionals and their clients must be built on a foundation of trust. Data management is a fundamental element of trust between finance professionals and the clients they serve.

Due to the amount of private information shared, financial services data is a target of bad actors. Last year alone, finance surpassed health care as the industry with the most data breaches according to a cyber risk report from Kroll. Verizon's 2024 Data Breach Report cited 3,348 incidents and 1,115 with confirmed data disclosure¹. Even though, IBM’s 2023 Cost of a Data Breach Report showed that the cost of a data breach in the financial industry was down slightly, from $5.97 million to $5.90 million², that is still a staggering amount of money. While this progress is promising, taking precautions to protect your data is imperative. One such way is secure document destruction.

What to Shred: Keeping personally identifiable information (PII) secure is a hot topic right now. Data from the Federal Trade Commission indicates that identity theft was the top-reported category among 5.5 million fraud reports in 2023. When consumers and businesses consult financial professionals, they want to know that their sensitive information is protected. Improving data protection procedures and investing in an effective document destruction service can ultimately help build trust, save money, and drive customer loyalty.

Although individual needs may vary, the following is a list of the types of information you may choose to manage via secure destruction in the financial services industry:

Customer Information

• Account numbers
• Personally Identifiable Information (PII)
• Information protected by privacy laws such as the Gramm-Leach-Bliley Act (GLBA)
• Loan applications and documentation
• Banking data

Human Resources

• Job applications
• ·Resumes
• Health and safety documentation
• Medical records
• Payroll information
• Performance appraisals
• Training information and manuals

Executive Level

• Budgets and other financial data
• Correspondence
• Legal contracts
• Strategic reports
• Financial statements

Accounting and Information Technology

• Customer lists
• Supplier information
• Internal reports
• Accounts payable statements

Tips to Help Keep All of Your Data Secure

Utilizing the following tips may help avoid a potential data breach:

• Identify Areas of Risk: Conduct an information security risk assessment and a walk-through of your administrative areas, including the front desk, to identify high-risk areas, such as printing stations, messy desks, and exposed trash and recycling bins. Flag these vulnerabilities and develop policies that can help to remove the threat.
• Develop Retention Schedules: All documents should have a recommended retention period, determined by their importance and content. Depending on the specific record, there may be laws and regulations that dictate which documents need to be kept and for how long. Follow document retention schedules to help keep offices free of clutter and to contribute to information security. To create an effective document retention policy for your financial services business, you may choose to consider including the following:
  • A checklist of common document retention guidelines
  • Recommendations for implementing a document destruction policy
  • The proper document retention schedule
  • To understand how a secure shredding program can help you meet your obligations
• Adopt a Shred-it All Policy: Often there is confusion when deciding whether or not a document should be shredded. This policy encourages the regular destruction of all documents (in accordance with internal policy). By implementing a Shred-it All Policy at your workplace, you help ensure that all documents are shredded. It is one of the most effective ways to help prevent physical data breaches.
• Adopt a Clean Desk Policy: A clean desk policy helps ensure staff shred or contain physical documents and that all technological devices are locked each time an employee leaves a workspace. This policy can also help reduce clutter, improve the security and confidentiality of information, and contribute to an organized workspace as a best practice throughout the organization.
• Reinforce Policies through Reminders and Rewards: To get buy-in from employees, place posters reminding them of the new policies in place to protect confidential information in the workplace. You can also drive employee engagement initiatives to encourage employees and incentivize good behavior through rewards such as team member recognition.

Businesses can use a trusted professional document destruction service, like Shred-it^®, that offers a variety of shredding options and destroys materials to make them nearly impossible to put back together, therefore protecting customer information.

Download our info sheet for a detailed list of what documents should be shredded. Contact Shred-it^® today to learn more about how we can help keep your business’ physical data secure.

^{*This article is for general information purposes only and should not be construed as legal advice on any specific facts or circumstances.}

^{1. 2024 Data Breach Investigations Report pg. 62}

^{2. Cost of a Data Breach Report 2023 pg. 13}