Defunct Businesses, Abandoned Records Threat to Data Security

With the faltering economy, many businesses are shutting their doors – and sometimes improperly disposing of their records, putting their former customers at risk for identity theft. Examples from just the past month include:

• In late May, two decades’ worth of customer records from a recently closed boat company in Portland, Oregon, were discovered in a dumpster. The records contained personal information, including Social Security numbers, according to Portland television station KGW, which had received a tip about the abandoned records.
When contacted, the former business owner said a shredding company was supposed to pick up the records and dispose of them. It later did, but only time will tell if any personal information had been compromised before the owner was alerted. According to KGW, the Oregon State Finance and Corporation Division is looking into the matter.

• In late April, hundreds of medical files containing patient Social Security numbers and other private information were found outside a former physical therapy clinic in Monticello, New York. The records had apparently been abandoned by the tenant, which had vacated the premises months earlier, according to the Times Herald-Record.

• Also in April, dozens of personal documents from a San Antonio tax preparation business that had closed its doors were found in a dumpster after it was set on fire. A former employee told a KENS 5 television station reporter that he knew nothing about the documents. KENS 5 staff observed that although tax season was over, the headaches could just be starting for those whose information had been improperly discarded.

“The trash is considered by business espionage professionals as the single most available source of competitive and private information from the average business,” according to the National Association for Information Destruction (NAID), a non-profit trade association of the secure information destruction industry. “Any establishment that discards private and proprietary data without the benefit of destruction exposes itself to the risk of criminal and civil prosecution, as well as the costly loss of business.”

To protect themselves, businesses that are closing should consult with legal counsel to determine what records they must maintain, what records should be returned to customers, and what records can safely be destroyed.

For records that may be destroyed, NAID recommends using a method that ensures the information is obliterated. If the volume is small, a business could securely destroy its records that contain confidential information by following the recommendation in a guideline available from ARMA International titled Contracted Destruction for Records and Information Media: cross shred paper, degauss and shred zip drives, hard drives, and thumb drives, and shred audio/video tapes.

A business that is closing may have too large a volume of records to destroy them in-house, in which case it may consider using a third-party vendor of destruction services. Contracted Destruction for Records and Information Media identifies the critical components for selecting a vendor and ensuring records are not compromised through any part of the destruction process.

NAID’s Compliance Toolkit, which is available from NAID members, provides guidance to help businesses, including these recommendations for securing records once they are identified as being eligible for destruction:

• Records to be destroyed should be segregated, inventoried, and isolated in a manner that reasonably minimizes any chance of unauthorized access and diversion.
• All media designated for authorized destruction must be transported to the secure destruction in secure and/or locked containers.
• All vehicles transporting secure and/or locked containers must be locked when unattended.

See www.arma.org and www.naidonline.org for more information about records security and destruction.

Bottom line, use a professional Records Management company like Offsite Data Depot to properly dispose of your records and confidential information.

Article by: ARMA International IMN, May


  1. Pretty scary stuff-as well as many businesses going under- I am sure the times are adding to the desperation of those that may be looking for this kind of info.

  2. Back in the day, I used to do competitive analysis for a software company. This included intercepting messages at trade shows, where I once discovered that our former VP of Sales was violating his “resignation” agreement and talking to a competitor about working for them, well ahead of the cooling off period.

    I wanted to go dumpster dive our competitors because I figured they were throwing out draft copies of documentation for pre-release products.

    We had employees from competitors trying to get demos in our customer-only suites, coming in wearing fake name-tags. That was many years ago.

    A little off the subject, but interesting, was a company whose very expensive product sent a message back home every time it was installed. We caught out competitors installing copies of our software and busted them for it.

  3. I think about this every time I fill out an employment application. Nobody would get anywhere with my credit, though. 😉
