I worked for a bank for a number of years. We were very good about shredding everything, to the point that if any quantity of paper was found in the trash, the housekeeping staff would note the desk/name it was found at and drop the bag off at the Security Officer's desk for review. (There were a few write-ups, usually only once, on some to the staff.)

Ironically, the only large "breach" we had was when we had FDIC auditors in and one their laptops was stolen from the hotel room. There were 453 customer's financial details on the laptop. It was presumed stolen for the hardware, not the data.

We had to supply the customers with credit monitoring for a year along with prompt notification.

After that, I make it a point to build a shred pile on my desk (I print less than 50 pages a month generally), delete old data after a month, and occasionally run a wipedisk on the blank sectors of my drive. I do my troubleshooting of customer data on servers setup for the purpose.

I know -- tangential and paranoid -- but I don't want my butt fired for it. How many companies provide lunch three days a week. 😎