Every Melbourne business sits on paper it should not be keeping — old invoices, HR files, client records, tender documents. Throwing them in the general waste bin is not just untidy; under the Privacy Act it can be a breach. Confidential document shredding turns that risk into a routine, auditable process. Here is how the service actually works, what it should cost, and the compliance points that matter.
Why secure shredding is a legal obligation, not housekeeping
The driver is Australian Privacy Principle 11 (APP 11) under the Privacy Act 1988. APP 11.2 requires any organisation covered by the Act to take reasonable steps to destroy or de-identify personal information once it is no longer needed and no other law requires it to be kept. In practice "destroy" means making the information unreadable and irretrievable — a cross-cut shredder, not a recycling bin.
The stakes rose sharply with the Privacy and Other Legislation Amendment Act 2024, which introduced a tiered civil penalty regime and bolstered the OAIC's enforcement powers. For a serious interference with privacy, maximum penalties run to the greater of $50 million, three times any benefit obtained, or — where that benefit cannot be quantified — 30% of adjusted turnover. Beyond fines, a dumpster full of readable client files is a notifiable data breach waiting to happen — and a reputational problem no SME wants.
What you should actually be shredding
If a document contains personal, financial or commercially sensitive information and you no longer need it, it should be destroyed securely. Common categories include:
- HR and payroll records, superannuation and tax file numbers
- Customer and patient records, contact lists, contracts
- Invoices, bank statements, credit card slips and BAS paperwork
- Tenders, quotes, internal strategy and board papers
- Anything bearing a signature, ABN, Medicare number or licence detail
Mind the retention rules first: tax records generally need to be kept for five years, and some employment and corporations records longer. Shred only once the retention clock has run out.
On-site vs off-site shredding
There are two delivery models, and the right one depends on volume and risk appetite.
On-site (mobile) shredding brings a shredding truck to your kerb. Your locked console is wheeled out, tipped into the truck's hopper, and destroyed before it leaves — you can watch it happen. It is the gold standard for high-sensitivity material (legal, medical, government) because the chain of custody never leaves your sight.
Off-site shredding collects sealed consoles or security bins and destroys the contents at a certified facility. It is typically cheaper per kilo, handles large volumes efficiently, and remains secure provided the provider holds proper certification and issues a certificate of destruction.
| Factor | On-site (mobile) | Off-site (facility) |
|---|---|---|
| Chain of custody | Visible at your site | Sealed bin, transported |
| Best for | High-sensitivity, lower volume | High volume, routine purge |
| Typical cost | Higher per service | Lower per kilo/box |
| Certificate issued | Yes | Yes |
Lockable console service and how pricing works
Most ongoing programmes are built around lockable consoles or 240-litre security bins placed in your office. Staff post documents through a slot; the provider services them on a scheduled cycle (weekly, fortnightly or monthly) or on call. You never handle loose paper, and access is restricted.
Pricing usually follows one of three models. As a guide for Melbourne — always confirm with a current quote:
- Per console/bin service: typically $20–$45 per console serviced, billed on a regular cycle.
- Per box (one-off purge): roughly $10–$20 per standard archive box for a clear-out.
- Console rental: a small monthly fee per unit on top of the service charge.
The trap is the gap between the headline rate and the all-in cost — minimum charges, fuel levies, console rental and lock-in terms. Brokers see these contracts across dozens of providers; benchmarking is exactly where money leaks. See our Melbourne waste cost index for how line-item creep works across the board.
Certificates of destruction and what compliance to demand
A certificate of destruction is your audit trail — proof you met your APP 11 obligation on a given date for a given volume. Insist on one for every service, and keep them.
For certification, the recognised benchmark is NAID AAA Certification, administered by i-SIGMA through independent, unannounced audits of process, staff vetting and facility security. For the shred itself, ask which security level the provider works to under ISO 21964 / DIN 66399 — P-4 is generally sufficient for everyday personal information, while P-5 (particles of 30 mm² or less) suits highly sensitive material.
One welcome by-product: shredded paper is baled and recycled, so secure destruction and your recycling targets pull in the same direction. If you are tightening the whole back-of-house, pair this with our office waste management guide.
Where Bundle Waste fits
Bundle Waste is not a shredding company — we are an independent broker. We benchmark your document destruction (and the rest of your bins) against a network of Melbourne providers, renegotiate the contract, and are paid only from the savings we find. No win, no fee. If shredding is one line on a messy waste bill, see document destruction services or get a benchmarked quote.
Frequently asked questions
Is my business legally required to shred confidential documents?
What is the difference between on-site and off-site shredding?
How much does document shredding cost in Melbourne?
What is a certificate of destruction and why does it matter?
What does NAID AAA certification mean?
What documents should a business shred?
Related guides
Related questions
See what you could save
Send us a recent waste invoice. We'll benchmark every charge against a network of Melbourne providers and show you the savings — free, no obligation, no win no fee.
Get Your Free Waste Audit →