There must be unwavering support by the leaders at the highest level of the organization in order for an information security policy to weave itself into the day-to-day operations of the business. This will only happen if the policy reflects core business objectives.
Similar to eBay's process, dark web sellers often solicit and publish customer feedback so perspective buyers can evaluate the criminal's reputation for delivering illegal stolen identity information as described. How's that for honor among thieves?
So what exactly is social engineering? It is the manipulation of people into performing actions or divulging confidential information. It is a confidence (con, for short) trick for information gathering, fraud, or system access.
The retention of an infinite number of documents may become both expensive and impractical. But the premature destruction of certain documents may lead to the loss of valuable information. Where's the happy medium?