Banks throwing confidential customer data in the bin
Banks are the worst offenders when it comes to exposing confidential client information to the risk of theft, according to a survey of the contents of commercial rubbish bins in Sydney.

The National Association of Information Destruction (A/NZ), which is the peak body for the secure destruction industry, hired a private detective agency to find out what customer information various businesses were putting in their bins.

The agency, The Private Group, sent an operative to poke his nose into bins in 80 locations in Sydney during January and early February. The businesses under surveillance included bank branches, accounting, law and financial planning firms, doctors' surgeries, hospitals, pharmacies, government offices and recruitment companies.

At 40 per cent of the bank branches, easily accessible and non-secure rubbish bins were found to contain confidential customer information, such as pages with account names, account numbers and balances.

The Private Group's operations manager, Chris Eastaughffe, said all of the customer information found in the banks' rubbish bins was of a type that could be used for identity theft or be combined with other material to pose a risk to the individual involved.

Compared with the banks, 15 per cent of the hospital bins, 20 per cent of the lawyers' bins and 25 per cent of the doctors' bins yielded confidential personal information. Items included blood test and Pap smear results, days spent in hospital and procedures performed, and details of legal claims.

All this material was found in general rubbish bins.
In cases where secure rubbish bins were used, a number were not locked and others were of a type that could be removed easily.

There was no personal information found in the bins of the accounting firms, pharmacies, recruitment companies or government offices whose bins were examined.

The chief executive of NAID Global, Robert Johnson, said the findings suggested poor management policies in relation to disposal, and poor staff compliance with whatever policies were in place.

Johnson, who was in Sydney for a NAID-A/NZ conference yesterday, said a common approach was to put a shredder in the office and tell staff to use it. "Staff don't use it because it is time-consuming," he said.

The NAID survey should be a wake-up call for banks and other businesses as the deadline for a new privacy regime approaches. Amendments to the Privacy Act take effect in March next year; these will include new Privacy Principles and more powers for the regulator, the Office of the Australian Information Commissioner.

The OAIC's acting assistant commissioner, Angelene Falk, told conference delegates that, under the current law, remedies for non-compliance relied on co-operation between the parties. However, under the new law, the OAIC will have enforcement powers, including the power to issue binding decisions, the power to impose civil penalties up to A$1.1 million and the power to accept enforceable undertakings.

The new Privacy Principles include a requirement that if customer information is no longer required it must be destroyed or de-identified.

Falk said it was a myth that people accepted the notion that privacy no longer existed in the social media