Posts Tagged ‘disposal’

If there’s a Shred of Evidence it’s Not Shredded

Monday, October 28th, 2013

“What’s the minimum shred size?”

Recently I got a great question from one of my Compliance Helper clients:

“This may seem like a silly question, but is there any type of HIPAA compliance requirements for shredder types?  For example, minimum shred size?”

Not a silly question at all! Of the organizations that shred their paper documents (there are still way too many that don’t), a large portion of them are not shredding their documents to a point that they are actually doing so effectively. Here are some points and tips (more…)

Disposal Dummies Cause Privacy Problems

Thursday, May 31st, 2012

A couple of weeks ago I was doing a consulting call with a small startup business (that in a short span of time is already performing outsourced cloud processing for a number of really huge clients) about information security and privacy.  They had implemented just the basic firewall and passwords, but otherwise had no policies, procedures, or documented program in place.  I provided an overview of the need for information security and privacy controls to be in place throughout the entire information lifecycle; from creation and collection, to deletion and disposal.  They were on board with everything I was describing until we got to (more…)

HIPAA, HITECH Act and Disposal Problems

Thursday, May 21st, 2009

Here’s yet another incident that provides very good lessons that could be incorporated into information security and privacy training sessions as a case study, particularly for HIPAA compliance as well as secure disposal training…


Blackberry Disposal Lessons From McCain & Palin

Tuesday, December 16th, 2008

Another real-life example to show the importance of having effective policies and procedures in place for not only information disposal, but also for the disposal of computers and storage media…


More Data Retention Tips And Considerations

Thursday, August 28th, 2008

Here are some more data retention tips and considerations as a follow-up to my Tuesday blog post


Do You Know Your Data Retention Requirements?

Tuesday, August 26th, 2008

There have been several interesting news reports recently about data retention proposals, plans, practices and laws in the U.K.
Currently there are proposals to require emails to be retained for a full year, but critics contend that sloppy data retention practices will result in actual retention periods much longer, if the emails even ever get deleted.
This is an important point; when it comes to data retention, the requirements are rarely, if ever, followed by some organizations…


Company Uses Negotiated Checks For Packing Material!

Thursday, August 21st, 2008

Not much surprises me any more with regard to some of the silly things that organizations do with printed PII that put the involved individuals at risk.
However, I was surprised when I watched an ABC News report this morning…


Texas EZPawn Throws Away Its Security Promises and Customers’ Privacy and Gets A Handed A Significant Penalty

Wednesday, July 2nd, 2008

Well, here is yet another company that had a nasty habit of just throwing papers containing their customers’ personally identifiable information (PII) into publicly accessible trash cans.
On June 24 a Texas judge handed down a civil penalty of $600,000 against Texas EZPawn for tossing their customer PII, including Social Security numbers, bank account information, driver’s license numbers, date of birth, and other identifying information, into their trash cans without first irreversibly and completely shredding the papers. You can see an example of the types of records found in the trash in the court documents.


Average Cost of ID Theft Per Victim is $31,356

Wednesday, October 24th, 2007

Finally, a report that looks much more accurate with regard to how much identity theft costs the VICTIMS of a privacy breach. Most reported victim costs that I have seen in the past seemed much too low considering all the time that victims talked about trying to repair and recover from identity theft, and how much resources it took, the many years it often takes, and so on.


Insider Threat Example: Leaked Clinton Memo Provides At Least 5 Good Security Lessons

Tuesday, May 29th, 2007

Mid-last week it was widely reported, probably more so in the national news than here in Iowa, that one of Hillary Clinton’s top campaign folks had written a memo to her urging her to skip Iowa and focus on other states. This leaked memo was the grist of much discussion on the political talk shows over the weekend.