Skip to main content
The Globe and Mail
Support Quality Journalism.
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
per week
for first 24 weeks

Enjoy unlimited digital access
Cancel Anytime
Enjoy Unlimited Digital Access
Get full access to
Just $1.99per week for the first 24weeks
Just $1.99per week for the first 24weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(}function setPanelState(o){dom.root.classList[o?"add":"remove"](,dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); } //

Senior vice-president, Shred-it.

Data protection is no longer the domain of the IT department – the responsibility belongs to everyone. That requires a big change in how we organize, execute and implement security protocols. But most of all, it requires a change in culture to empower everyone to own a shared mission: protecting our business. Leaders of organizations need to move ownership over data security from the responsibility of one to the responsibility of many.

While the explosion of digital has opened enormous opportunity for real-time connections, information sharing and business growth, it has also democratized access to content, expanded the use of electronic devices and created new vulnerabilities across organizations. However, recent research found that many Canadian businesses are not keeping up with the complex privacy and security risks associated with a digital workplace.

Story continues below advertisement

Shred-it's 2017 Security Tracker, an annual survey of information security trends in Canada conducted by Ipsos, revealed that businesses of all sizes fall short when it comes to the disposal, destruction and storage of electronic devices. In short, Canadian businesses are vulnerable.

The survey found that, while the majority of Canadian C-Suites have some kind of policy in place for the use of electronic devices in their workplace, almost half (44 per cent) don't have a policy in place that is adhered to by all employees for disposing of confidential data found on electronic devices. And half of small businesses say they don't have a policy in place at all for governing the use of electronic devices, let alone disposing of the confidential data they contain (46 per cent have no policy for destroying confidential information on electronic devices). From smartphones to tablets, the door is wide open for data breaches that put customers, employees and your business at risk.

At Shred-it, I have worked with hundreds of businesses – from small three-to-four person shops to large complex businesses with thousands of people (and devices) spread across Canada and around the world. While the scope of their needs may differ, they all share an underlying need: protecting workplace privacy. Regardless of your business's size, there are a few simple steps you can take to protect your information in the digital era.

Know your business

Many readers will say, "Of course I know my company." But do you really? Do you know who has access to what data on which device? Do you know if those devices belong to you or your employee? Do you know what happens to those devices and the information on them when they are no longer used? You can't control where data flows, so you need to be armed with information and a clear map of every digital touchpoint. Destroying old hard drives and other electronic devices on a regular basis is also critical.

The fact is that most (93 per cent) of C-suite leaders have at least some employees working off site, and one in five have no policies in place to govern the disposal of confidential information outside the office. That's an invitation for confidential data to "escape."

Train, train … train again

Story continues below advertisement

Every organization with a data breach implements a training program to avoid future issues. But that's too late. The first round of damage is done, and your proprietary information is already in the wrong hands.

Training must be preventive, not remedial. Whether you're three people or 3,000, take the time to ensure your people are aware of the risks and their responsibility. Data security has to become a reflex, not just a process. Training also reduces the risk of accidental breaches where human error is the culprit and not malfeasance. It takes 194 days, on average, to contain a data breach caused in error. Training can reduce not only this time, but the cost spent during recovery significantly.

Be a role model

As a leader, you need to set the tone and lead by example. The "tone from the top" is critical in empowering your people to see security as part of their job. Leaders have to be in the front row of training sessions, show care in how they share information, and be public about the way they destroy old devices and data as they change tools or upgrade phones.

Risk can be mitigated

Whatever your workplace environment or size, making information security a core part of your business is one of the best things you can do to protect your business, employees and customers over the long term. In an age when technology is changing rapidly, the most successful and secure businesses have leaders who continuously adjust policies and nurture a culture that values information security.

Story continues below advertisement

Executives, educators and human resources experts contribute to the ongoing Leadership Lab series

Strategic IQ is more about understanding how other people are going to behave. This is a skill that is hardly developed in formal education, which would cause some people to believe that this is a born skill Special to Globe and Mail Update
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies