Shred or Be Shredded!

shreddedIn recent years, lawsuits have increased in regards to the negligent handling of personal information by corporations. Some states have passed laws allowing individuals to sue organizations that fail to safeguard their private data. As a result, many employers are imposing new restrictions as to who can take confidential records out of the office (if anyone) and are providing special training on how to keep data secure and dispose of it properly.

Nearly every state in America has enacted a data breach notification law. These laws require businesses to notify consumers of breaches in security. Remember, breaches can be electronic (email hacking) or as simple as dumpster diving. Many of these laws impose additional obligations upon businesses. According to the Better Business Bureau, here are some steps to take in the event there has been a breach in data security:

  1. Immediately gather the facts of a potential breach.
  2. Notify financial institutions.
  3. If financial information, such as payment card numbers, was compromised, contact the bank or company that manages your payment card processing.
  4. Seek outside counsel.
  5. Seek attorney assistance or guidance from a risk consulting company as soon as you become aware of an incident that might constitute a data security breach. Your attorney can help you identify which laws might be involved, and whether you need to alert consumers or the government of the incident.
  6. Notify affected customers.
  7. Notify them in the manner you said you would in your Data Security Policy.

According to a recent study performed by the Ponemon Institute, twenty percent of data-breach victims discontinue their business with institutions that have compromised their privacy. So not only are data breaches themselves costly; losing the revenue and the clientele add to those expenses. Not to mention the potential litigation costs associated with the possible lawsuits for the actual breach in security.

States from Nevada to Georgia have had issues with everyday people finding documents in dumpsters. However, not all of these people are good samaritans such as the two women who found thousands of documents lying on top of several Duluth, GA dumpsters. They quickly called the local news station and an investigation began immediately to find out who dumped the documents. In Las Vegas a man found mortgage applications and loan agreements that were just thrown in the trash by a neighboring real estate office. The local news was called again and the company’s name was released.

In September 2001, Proctor & Gamble had to pay Unilever almost $10 million dollars after being sued for sending spies to go through their rivals trash. The consumer-goods giant also signs on to an usual audit by a third party monitor that they would not use any stolen ideas for new product launches. If Unilever had a document destruction policy in place, P&G wouldn’t have found any of Unilever’s top secret information because it would have been properly disposed of.

Don’t take any chances! Handle and dispose of private information in the most secure and respectful way. Pay careful attention to the federal and state laws that have been enacted. This will help you in deciphering whether or not to shred, because if you don’t, your reputation and your business could very well be shredded!

Google Docs makes it easy to create, store and share online documents, spreadsheets and presentations.