The Consequences of Improperly Destroying Data
Improperly destroying data or sensitive information presents the risk of identity theft. What are the consequences?
Records management is an important aspect of running a tight ship, but storage and retrieval are only the tip of the iceberg when it comes to data management. Whether it’s paper or digital data, how and when you destroy it makes all the difference for security and identity protection. More and more businesses are storing information on hardware and on portable devices. This means that proper organization, security, and disposal of electronic data is also becoming increasingly necessary.
If you treat data like regular trash and don’t take the steps to destroy it properly, it may come at a hefty price.
It puts you and your clients at risk.
According to the National Institute of Standards and Technology, dumpster diving for improperly disposed media is a huge source of illicit information that put businesses and clients at risk. Of course, dumpster diving isn’t exclusive to digital media. Any and all sensitive information that is placed in the trash is susceptible to theft.
It can cost you thousands in fines and settlements.
Perhaps drug retailer Rite Aid can serve as a cautionary tale – in 2010, Rite Aid was sued by the Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) for the improper disposal of prescriptions, labeled pill bottles with customer information, and employment applications. These items were placed in easily-accessible dumpsters behind Rite Aid stores in a number of cities across the country. Consequently, Rite Aid agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act Privacy Rule (HIPAA).
It’s the law.
Especially for financial companies. The Gramm-Leach-Bliley Act (GLBA) requires companies defined under the laws as “financial institutions” to ensure the security and confidentiality of information such as: customer names, addresses, phone numbers and social security numbers. This requirement includes companies of all sizes that are “significantly engaged” in providing financial products or services.
Financial businesses must ensure that the financial records of clients and customers that are stored on computers, copiers, printers, and other electronics that are being taken out of service will be destroyed and cannot be recovered by any means.
It is imperative that businesses have a strong policy relating to data security and destruction, and this policy should be written to include evidence of destruction.
Legal Shred can help businesses and consumers properly destroy both digital and paper data to mitigate identity theft and non-compliance. We offer hard drive destruction, electronics recycling, and document shredding to ensure the safety of your business and its data. After your material has been destroyed, we send a certificate of destruction so you know that your data is no longer usable.
Call Legal Shred today for a free quote!