Here are a few security improvements you can easily make:
1. Shred it
If you don’t have a shredder, buy one, or retain a shredding service (they will provide you with a locked bin for papers that they will fetch when it’s full and they will shred the papers for you). It should be a hard rule in your business that all paper containing PI should get shredded when you’re done with it.
2. Lock it
Lock your filing cabinets, drawers, and offices when not actively in use. Even when you go to the bathroom.
3. Restrict access
Don’t let just anybody into your administrative area. Make sure that only those who really need access to files or accounts, have it.
Don’t allow any outsiders ‘behind the counter’.
4. Clean desk at reception
Keep your appointment book, customer files, and accounts out of the public eye. Rather keep your appointment book electronically.
5. Keep it confidential
Don’t discuss customer details in person or on the phone in an area (like reception) where others can overhear.