Yesterday I posted on the data breach at Verizon, and many records managers may wonder how that information security lesson applies to them. I think it is important to look at the principle that carelessness and lack of accountability are the main cause of data breaches, whether dealing with physical records or electronically stored information (ESI). Here are two prime examples of cases with physical records that are just as ludicrous as the Verizon employee FedExing his RSA token to China.

Steve Weisman of the Holly Group recently told the story of four Massachusetts hospitals that in 2010 were found to have not disposed of medical records properly when a Boston Globe reporter found a 20-by-20-foot mountain of patient records at a local dump. The Boston Globe reports “The pile included records for more than 67,000 people, including names, addresses, Social Security numbers, pathology reports for people tested for various kinds of cancer, and other test results.” The hospital and billing company had to pay a six-figure fine and make contributions to a state data protection fund. All of this could have been avoided if they had used a shred vendor or contractor to incinerate the records.

Shredding the records is not enough, as best practice is to use a diamond-cut shredder so that the destroyed records are indecipherable. The Nassau County Police Department found out this past Thanksgiving why a cross-cut shredder is best.

Authorities in Long Island are investigating how shredded confidential police documents ended up as confetti in the annual Macy’s Thanksgiving Day parade in New York City, according to Nassau County Police.

Saul Finkelstein, a Manhattan attorney, was watching the renowned parade with his 18-year-old son Ethan, as they do every year, when they noticed a piece of shredded paper that appeared to have a Social Security number on it.

“There were shredded papers all over the place, like snowball size, all over the ground,” Finkelstein said. “There were whole sentences, license plate numbers and police reports.”

As they looked closer at the confetti, they came to realize the shredded pieces of paper were documents from the Nassau County Police Department…

Most shocking was that on the scraps of paper were pieces of sensitive information, including the names, dates of birth, Social Security numbers, banking data, and other personal information about Nassau county police officers and detectives, some of whom are believed to be undercover…Also found were notes about Mitt Romney’s motorcade from the final presidential debate, which took place at Hofstra University in Nassau County in October.

You can read the rest at CNN.com
http://www.cnn.com/2012/11/26/us/new-york-confidential-confetti/index.html
