Information Management Issues
Why is Data Security So Important?
Heather Fitzanko - AAA Confidential Security Corporation
Have you been victim of ID theft or do you know someone who has?
The Federal Trade Commission reports over nine million people nationwide fall victim to ID theft each year. When we think of ID theft, the first thing that comes to mind is computer hackers—high-tech criminals with gadgets and gizmos that crack firewalls and steal the credit card numbers of online buyers.
We think of TJX Companies. Last March, TJX reported that 45.6 million credit and debit card numbers were stolen from one of its systems over a period of more than 18 months.
However, an estimated 50 to 70 percent of reported identity theft cases can be traced to residential trashcans and commercial dumpsters. An investigation by Kentucky’s Attorney General reported that out of 121 dumpsters that were searched, over 33 percent held more than 500 records containing personal information.
In April 2007, a study conducted by Javelin Research Group reported that more than 75 percent of consumers polled will cease doing business with retailers and merchants who experience a data breach.
In a six-month investigation into prescription privacy, pharmacy dumpsters were inspected in more than a dozen cities across the nation. The search uncovered 2,394 patient records from unsecured dumpsters. The nation’s three largest drugstore chains—CVS, Walgreens and Rite Aid—said they would take immediate steps to secure patient information. The U.S. Department of Health and Human Services’ Office of Civil Rights, as well as the Indiana Attorney General’s office, has launched independent investigations. The Indiana Board of Pharmacy filed complaints against 30 Indianapolis-area pharmacies.
According to an article in the Pacific Business News on March 21, 2007, Stephen Marn, who paid a handyman to take boxes of confidential records to the dump, has been formally accused of violating Hawaii’s consumer protection laws. The DCCA alleges that Marn broke not one, but several, state laws, including the new “dumpster-diving law” that requires companies to dispose of records by burning or shredding them. It calls for fines of up to $2,500 per violation.
Last May, two teenagers stole a laptop from the Department of Veterans Affairs that contained financial information on more than 25 million veterans, as well as people on active duty.
Rebecca Martin, president of A&I Travel Services, watched as piles of her business’s paperwork took flight along Poplar Avenue in Memphis. Most of the pink papers being picked up by employees were travel receipts with personal information including names, addresses, telephone and credit card numbers.
No company wants newspaper headlines like this. Negative publicity can, no doubt, affect profitability. Fines for privacy regulation violations and civil penalties could reach upwards of $50,000.
Between 2000 and 2003, 182 cases of consumer privacy litigation were brought against 234 corporate defendants, with $160 million paid out in damages, according to Privacy and American Business, Consumer Privacy Report, 2004.
Identify what information your organization collects and what regulations apply
Adopt information security and privacy policies
Define and document organizational roles and responsibilities
Contact professionals who can assist in information protection, retention and disposal.
An ounce of prevention is worth a pound of cure. The bottom line is your bottom line. IBI