Why Information Must Be Destroyed

The inability to discard items even when they appear to have no value is known as compulsive hoarding. Ben Rothke explains why the same habit is a liability in the world of IT security

Hard copies should be destroyed on a formal and regular basis

Imagine you are the manager of a large medical practice that is being sued after 10,000 pages of medical records found their way into the hands of an investigative reporter or a thief. When the plaintiff's lawyer asks how you dispose of hard copies, an answer such as "Lenny the computer guy does it whenever he can" is akin to pleading guilty. In contrast, "We have an outside bonded, National Association for Information Destruction (NAID) certified company empty our security containers and shred the contents on a weekly basis" will likely shield you from significant liability.

The issue is not necessarily how often the data is destroyed, but whether destruction is done on a formal basis, driven by risk factors specific to the organization. As part of effective oversight, a formal system of information destruction must be created and implemented. If destruction is performed in a formal, documented manner and follows a defined schedule, the plaintiff's lawyers will have much less to work with, and a jury is likely to view the practice favorably.

Two good examples of formalized procedures are the Confidential Document Handling Procedures from Purdue University and the Iowa State University Document Destruction Operating Plan. A Google search will give you many more, which you can use as a base for your program.

One of the most important aspects of a formal plan for information destruction is consistency. If an organization is inconsistent in what it destroys, this shows a lack of due diligence and creates the appearance of attempting to hide something.

There are also several elements that must be built into the process itself. One of them is a data destruction moratorium, because there are times when an organization must stop its destruction activities. If a legal discovery request is received, policy must require that all organized and periodic data destruction be placed on hold immediately, and remain on hold until the Legal Department determines whether those activities would jeopardize the data being sought.

On the subject of formal processes, there was a company that used a goat as its document shredder. While perhaps effective from a shredding perspective, it is clearly not a best practice, nor is it likely that the company's lawyers signed off on the method. A goat eating away at paper is fine for the Far Side, but it has no place in a formal document disposal process.
