X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
How you discard information printed on paper may have grave consequences for your business and your customers. In these times of higher security, it would be wise to rethink the secure nature of company records and documents that may be overcrowding filing cabinets, stacked on desks, or piling up in the trash receptacles behind your building. The failure to destroy documents prior to disposal has caused a significant increase in identity theft. According to the Federal Trade Commission, 27 million Americans have been victims of identity theft in the last five years, with more than one-third of these crimes occurring within the last year. The rise of identity theft is a red flag for all organizations to review their procedures and implement enhanced security measures for the appropriate destruction of data. Identity theft occurs when someone steals personal information to make unauthorized purchases, apply for new credit, or steal from bank accounts. Many of these fraudulent schemes are easily perpetrated, due to the habit of throwing away confidential papers with the trash. Without fear of criminal prosecution, professional thieves are sorting through trash in hopes of finding private information and vital company records. Personal identity theft has huge economic implications for the individual, including ruined credit ratings and countless hours invested to reverse the damage. Businesses are exposed to liability when negligent handling of records is the source of the theft. To combat one of the fastest-growing crimes in the country, we all must take preventive steps. Failing to act or simply assuming you won’t be a victim could lead to significant financial losses, harm to individual or corporate reputation, and even expose your company to legal liability. THE FACES OF FRAUD Fraud and identity hoaxes occur in many forms. • Linda Foley, who founded the Identity Theft Resource Center, was a victim of workplace identity theft. When a credit card company called to confirm her “new” address, Foley discovered that her boss was using her Social Security number to apply for various credit cards. “I grew up believing in the good of all people,” Foley says. “At first, I thought it was a mistake. It didn’t make sense. She was a nice lady. Then they faxed me the credit card application in her handwriting, and I knew it was no longer a mistake.” Four months later, Foley discovered that a cell phone had been added to her account as well. • Attorney Mary Frank was another victim of workplace identity theft. When she was called by a Delaware bank about an unpaid $11,000 bill, she says, “You have the wrong person.” However, when the caller repeated Frank’s Social Security number and birth date that were written on billing statements for an address four hours from her home, she knew something was very wrong. The criminal was none other than a law office secretary. “Along with over $50,000 worth of credit stolen in my name, this woman had purchased a red convertible Mustang in my name,” Frank says. It took Frank more than 500 hours over the course of more than a year to clean up the mess. As an individual, you need to ask companies you do business with about their privacy policies and information-handling procedures. Individuals can also reduce exposure by opting out of direct mail marketing, not carrying Social Security numbers in their wallets, reporting lost or stolen credit instruments immediately, and obtaining a credit monitoring service. Business leaders need to question and test facilities and security managers to make sure the company can withstand attacks by privacy thieves. • Are employees educated and aware of privacy threats? • Is there a formal retention policy for records and archives? • Are the policies enforced consistently and well-documented? • Do you provide employees with an efficient, convenient, and secure means to destroy information at the end of its useful life or retention period? Securing personal information is the right of your customers and the duty of any organization accepting vital records. Most companies provide at least the bare minimum security standards: locking the front doors, restricting access, and instituting comprehensive computer security. Some companies go a little further by hardening facilities with lighting, perimeter fencing, access cards, security cameras, and guards. Still other companies institute document control procedures to tighten information security by locking files, locking offices, limiting access to records, and destroying information prior to disposal. INSIDE JOBS Security experts believe that most security risks occur from internal sources. So even after you’ve taken extreme precautions to keep the bad guys out of your physical space, then you have to segregate sensitive records and limit access to them. The only way to combat this crime is to limit a criminal’s access to identifying information. Information that resides on computer hard drives and file servers are pretty well protected. Personal information is typically stolen by copying or taking hard copies of records. Although we have been promised a paperless office for many years, paperwork seems destined to flow endlessly for years to come. Two distinct types of records exist on paper. The first type are original source documents, such as applications, forms, handwritten notes, correspondence, and other documents that do not originate from your office. The second type are very polished records of business activity that originate from your office, such as consulting reports, transactional documents, financial records, sales reports, action plans, and correspondence. While electronically stored information is generally well-guarded behind fire walls and passwords, once vital records are printed from the system and distributed, the security wall seems to crumble. Since paperwork is here to stay, companies and individuals need to minimize the chance of losing vital information printed on paper. NEW LEGISLATION The federal government has recently taken measures to deal with identity theft and the issue of document destruction. Implemented earlier this year, the Health Insurance Portability and Accountability Act requires health care providers, hospitals, insurers, and health plans to physically safeguard and protect patient information. The Gramm-Leach-Bliley Act obligates companies involved in the financial sector, such as mortgage brokers, securities firms, and banks, to protect the security of client records when handling “sensitive documents.” Both acts make it a crime to carelessly handle confidential files, with stiff fines and other penalties for violations. California has also passed legislation to protect citizens from identity theft. With federal and state legislation forcing businesses to increase their security measures, business entities must re-evaluate their methods of protecting sensitive records. Does this mean that companies must charge employees with the task of shredding thousands of pages of documents? How can a company preserve its capital spending budget and avoid the problems of operating and maintaining expensive equipment for document destruction? Many businesspeople are entrusting the secure disposal of confidential paper to an outsourcer. Although lightweight shredding machines intended for office use are available for less than $1,000, these machines are suitable only for modest volumes of paper and require employees to divert time from their primary job duties. Large-scale purge projects require much more significant capital outlays or professional outside assistance. The most cost-effective way to handle these projects is to outsource shredding services to a third party that’s certified, bonded, and insured to perform the work. Removal of paper from a place of business with destruction performed at a central plant is the most economical service, while on-site destruction by mobile shredding trucks is considered the most secure. In an age of proliferating white-collar crime, identity theft is one felony that can victimize anyone due to its exponential growth. The new federal and state laws suggest that all businesses need to do more to reduce this risk. Physical security and information security are business functions that employees at every level of a company need to buy into. Compliance must be encouraged from the highest management levels, and safety procedures need to be taught, practiced, and enforced. Employees are most likely to respond when a direct connection is made between job security and the financial well-being of the company. If your company is not already doing everything it can to prevent identity theft, it may be time for the legal department to act. Brad Schofield is president of Safeguard Shredding, a maximum security document destruction company in the D.C. area (www.safeguardshred.com). He may be reached at (703) 849-8900.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.