What’s wrong with this picture?
~July 29, 2013, Dave Herndon,
The News-Herald, Melvindale, MI
We’re willing to bet that this doesn’t look like a nightmare to you. After all, its just a bunch of papers, tossed into a dumpster with the rest of the trash, right? Heck, it’s even in with the recycling!
Unfortunately, you could not be more wrong. This is exactly what a records and information disaster looks like – for individuals and for businesses.
So what’s really wrong with this picture and what can we, as individuals and business owners, learn from this mistake before it becomes our own nightmare? There are so many mistakes and disasters waiting to happen here, we barely even know where to start.
There were identifiable medical records in the files that were found in the dumpster. You can even see some of the names on the folders!
One word: HIPAA. Businesses must protect your private health information from disclosure to anyone (even the police) without proper authorization. And its clearly being violated here.
There were financial records in those files. Including tax returns. You can even clearly see one of the tax return forms in the photos.
Businesses have extremely strict regulations (Sarbanes-Oxley, etc.) regarding management of client financial records, and they must be able to provide an audit trail that shows who has accessed those files. All of which carry stiff fines and penalties for violations. In this case, it’s pretty clear none of that was followed.
Ever hear of Dumpster Diving?
There were financial records in that pile of files. Lots of them. Financial records that included social security numbers, names, addresses, etc. To an identity thief, finding this stash would have been like hitting the mother lode during the gold rush. The innocent victims would have been dealt the fatal blow to their finances (present and future), long before they even knew what happened to them.
Records? Why bother with good records management policies? Who needs to retain records?
Every business must practice good records management. There are many, many records retention rules and regulations that apply to ALL business records, and in particular, to medical and financial information (no matter what business you are in!). We’re pretty sure there are no digital copies of these files hanging around in a nice, secure, neatly organized document management program, where access is tracked and logged. Clearly, none of these files were properly disposed of when it was time to get rid of them.
It happens all the time.
- Samaritan investigates after medical records found in trash
- Hundreds of medical records found dumped at the Round Rock, Texas Recycling Center.
- Oregon Charges Agent Who Dumped Insurance Customer Records in Trash: The owner of an auto insurance agency discarded more than 1,000 insurance business records and other insurance-transaction documents into an unlocked garbage dumpster. The documents contained clients’ personal information, including client names, Social Security numbers, driver license numbers, bank account numbers, and credit card numbers with card expiration dates.
- Are You Throwing Your Company’s Secrets Out in the Trash?
- Identity Theft- Your Trash, Their Treasure: Anne Curry interviews a top security professional on how he “breaks into banks” using information he easily finds in the garbage.
What do you think? What other “mistakes” and horror stories did we miss in this picture? Share your thoughts with us below!
Want to learn more about how to manage your business records? Join us for a live webchat on best practices for records management from our team of experts!
Learn some of the tricks to making the management of your business records a little more of a treat. Avoid the nightmare and sleep soundly knowing that your records are safe and protected from harm – or at least have a plan for how to secure them!
- Wednesday, October 30, 2013
- 12:30-1:30 pm EST