Data Breaches: They Happen on Paper, Too
Paper breaches accounted for 12 percent of all reported data breaches in the U.S. in 2013. And a 2012 report from the Health and Human Services Office of Civil Rights showed that paper breaches were involved in 61 percent of smaller breaches—those affecting fewer than 500 people.
Whether a breach affects one person or one million people, it’s almost always a preventable problem. Most paper breaches are the result of the careless handling of documents. Consider these incidents:
- In June 2014, a backpack containing notepads with handwritten names, Social Security numbers, and birthdates (aka the most PII of all the PIIs!) of more than 400 people was found left behind at a deli in Connecticut. It was later revealed that an employee of Access Health CT, a state-run Affordable Care Act agency, had left the backpack.
- Parkview Health System was ordered to pay $800,000 as part of a settlement of a case that involved a large paper breach and what the court called “potential violations” of the HIPAA Privacy Rule. In this case, several boxes of patient records were left outside a doctor’s home, unattended.
How to Avoid Paper Data Breaches
In nearly every case of a “hard copy” data breach, the culprit is a lax or non-existent paper document disposal policy.
Develop a policy and set of standards for your company that detail exactly:
- Which documents need to be retained and for how long
- Which documents need to be shredded and when
- Where documents waiting to be shredded must be housed
- How documents in any of the above stages should be handled and by whom
Prevent Employee Mishandling of Data
Make sure every employee at every level reads the policy and is aware of its importance. In the two paper data breach cases mentioned above, the egregious behavior of company employees clearly played a large part. How can your company make sure that employees follow the policy all the time, no matter what? The Identity Theft Resource Center (ITRC) has some useful tips:
- Have every new employee sign an agreement stating they will follow the company’s confidentiality and security policies. Continually stress how critical it is to protect client data—and the company’s reputation.
- Limit access to information to those who need it to perform their job duties. Keep track of every employee who has access to customers’ PII.
- Make sure employees know how to recognize security threats. Illustrate clear consequences for personal breaches—lost laptops, misplaced files, etc.
Get additional information from ITRC on keeping your workplace secure.
Stop Paper Data Breaches Before They Happen
Don’t risk lawsuits and fines—put a careful and strict confidentiality policy in place at your business and make sure every employee follows it and is aware of the consequences of non-compliance.