If you leave a trail, criminals will follow it
Paper records and electronics contain personal information that can be stolen and used for fraudulent activities if not disposed of properly.
Identity theft — these two words strike a loud and lasting chord of fear at every insurance agency. Today, when the criminally intent are craftier than ever, it’s a must to take every precaution and that includes the secure destruction of paper documents and portable electronic devices at the end of their usefulness.
Most of what we hear on the news deals with IT cyberthreats, but the very same potential for human error that leads to cyberhacking also exists for sensitive information stored on paper. It does seem that we’re moving toward a “paperless” state, but there are still many instances where highly sensitive information is stored in a paper format. Just one or two pieces of personal information left in an office recycling or trash bin are all that is required to steal an identity.
The type of information businesses discard daily is jaw-dropping. Financial statements, net worth data, health information and more. Any and all of this information contains the ammunition necessary to raid an individual’s financial, health and other personal records. In a perfect world, it wouldn’t happen, but it does. Even those sworn to protect the sensitive information they routinely discard can slip up — a blunder that could land highly confidential information into the wrong hands.
Take a recent case in point. In Texas, a man found hundreds of tax documents discarded in a dumpster ten miles away from the tax office where they originated. The records contained Social Security numbers, addresses, drivers’ license numbers, and bank account information. Human error can be very costly.
Rifling through trash may be unethical but it’s not illegal. Papers left in a public dumpster or trash bin once placed there means that the person or company has essentially forfeited their ownership rights to the items, as the property is now in the public domain!
As a result of the Gramm Leach Bliley (GLB) bill of 2001, consumer institutions are mandated to diligently protect customers’ privacy. Liability for violations of privacy rests squarely on the shoulders of regulated businesses, including but not limited to, insurance companies, attorneys, mortgage brokers, real estate agents, tax preparation services, credit unions, credit bureaus, banks, management consulting and counseling firms, and the list goes on.
These businesses are obligated to establish procedures to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of records or information which could result in substantial harm or inconvenience to any customer. And while GLB has been in effect for close to two decades, it’s unrealistic to believe that every business complies with the act 100% of the time.
The message here is that keeping paper documents past their useful life is a liability, so it makes good sense that an increasing number of companies are turning to shredding services that provide locked bins and consoles to collect sensitive documents for transport back to the shredding company where they are destroyed. Some such services also offer on-site mobile shredding.
Sensitive “written” material is also stored on small portable devices — smartphones, iPads, laptops and hard drives. Identity thieves can collect confidential information by mining it from discarded hard drives; even hard drives that are reformatted can often be restored using special software.
Companies that dispose of sensitive, confidential data without using a secure method expose themselves to unnecessary risk and costly government fines. Even if it appears that hard drives and other disposable media have been wiped clean, they may still hold information that could prove damaging in the wrong hands. The sole guaranteed method to securely dispose of retired hard drives and tapes is to shred them into tiny pieces. There are shredding service firms that can destroy hard drives, tapes and other media containing sensitive information as well as permanently destroying paper documents.
As with any service partner, it’s always wise to conduct research before forming a relationship. How long has the firm been in existence? Who are some of the companies they have worked with? Do they offer mobile on-site services in addition to having a secure facility?
The fact of the matter is that threats to the security of individuals, businesses and organizations will always exist, but we should not make it easy for criminals. Methods of keeping records will continue to migrate from paper to electronic, but those paper trails remain and are a treasure trove for crooks knowing who, how and when to target.
Don’t be a victim of these offenders; destroy their efforts by properly destroying valuable information both on paper and small electronic devices.
Rick Carey (rick@destruction.com) is the founder of Destruction.com, a Datasafe company, with offices in the Greater Boston area.
Related: