Data Breaches: They Happen on Paper, Too

Posted on: July 24, 2014

Paper breaches accounted for 12 percent of all reported data breaches in the U.S. in 2013. And a 2012 report from the Health and Human Services Office of Civil Rights showed that paper breaches were involved in 61 percent of smaller breaches—those affecting less than 500 people.

Whether a breach affects one person or one million people, it’s almost always a preventable problem. Most paper breaches are the result of the careless handling of documents. Consider these incidents:

  • In June 2014, a backpack containing notepads with handwritten names, social security numbers, and birthdates (aka the most PII of all the PIIs!) of more than 400 people was found left behind at a deli in Connecticut. It was later revealed that an employee of Access Health CT, a state-run Affordable Care Act agency, had left the backpack.
  • Parkview Health System was ordered to pay $800,000 as part of a settlement of a case that involved a large paper breach and what the court called “potential violations” of the HIPAA Privacy Rule. In this case, several boxes of patient records were left outside a doctor’s home, unattended.

How to Avoid Paper Data Breaches

In nearly every case of a “hard copy” data breach, the culprit is a lax or non-existent paper document disposal policy.

Develop a policy and set of standards for your company which details exactly:

  • Which documents need to be retained and for how long
  • Which documents need to be shredded and when
  • Where documents waiting to be shredded must be housed
  • How documents in any of the above stages should be handled and by who

Prevent Employee Mishandling of Data

Make sure every employee at every level reads the policy and is aware of its importance. In the two paper data breach cases mentioned above, the egregious behavior of company employees clearly played a large part. How can your company make sure that employees follow the policy all the time, no matter what? The Identity Theft Resource Center (ITRC) has some useful tips:

  • Have every new employee sign an agreement stating they will follow the company’s confidentiality and security policies. Continually stress how critical it is to protect client data—and the company’s reputation.
  • Limit access to information to those who need it to perform their job duties. Keep track of every employee who has access to customers’ PII.
  • Make sure employees know how to recognize security threats. Illustrate clear consequences for personal breaches—lost laptops, misplaced files, etc.

Get additional information from ITRC on keeping your workplace secure.

Stop Paper Data Breaches Before They Happen

Don’t risk lawsuits and fines—put a careful and strict confidentiality policy in place at your business and make sure every employee follows it and is aware of the consequences of non-compliance.

If you have questions about secure document destruction in the Metro DC area, feel free to contact us here at TrueShred.

Upcoming Events

10:00 am Monthly Community Shredding
Monthly Community Shredding
Jul 11 @ 10:00 am – 2:00 pm
Recycling Event To accommodate residential and small business clients, TrueShred offers a paper shredding drop-off option. Bring your medium sized boxes (Regular Bankers Box) of sensitive papers and for just $10 per box watch the
Dennis R. Akers, Audit Supervisor - Virginia Department of Taxation

”TrueShred was prompt, efficient, clean and extremely professional. I plan to continue to use your service and will highly recommend TrueShred to other businesses.”