A couple of weeks ago I was doing a consulting call with a small startup business (that in a short span of time is already performing outsourced cloud processing for a number of really huge clients) about information security and privacy. They had implemented just the basic firewall and passwords, but otherwise had no policies, procedures, or documented program in place. I provided an overview of the need for information security and privacy controls to be in place throughout the entire information lifecycle; from creation and collection, to deletion and disposal. They were on board with everything I was describing until we got to (more…)
Posts Tagged ‘disposal rule’
Disposal Dummies Cause Privacy Problems
Thursday, May 31st, 2012Sloppy Disposal Aids Cybercriminals
Wednesday, September 10th, 2008For day 3 of Global Security Week I want to talk a little bit about the importance of securely disposing of your papers and storage media that contains personal information…
Company Uses Negotiated Checks For Packing Material!
Thursday, August 21st, 2008Not much surprises me any more with regard to some of the silly things that organizations do with printed PII that put the involved individuals at risk.
However, I was surprised when I watched an ABC News report this morning…
Have You Looked In Your Trash Bins Lately?
Monday, February 18th, 2008It shouldn’t still amaze me, but it does, how often so many organizations just dump huge amounts of printed paper containing tons of personally identifiable information (PII) right into their dumpster sitting behind their building, in the alley, or some other easily reachable public location.
Here’s yet another example of a business throwing away people’s privacy in their trash dumpster…
FTC Fines Mortgage Co. For Tossing PII Into Dumpster: FACTA/FCRA, GLBA, & FTC Act Violations
Wednesday, December 26th, 2007On December 17 the U.S. Federal Trade Commission (FTC) fined and penalized American United Mortgage Company for throwing the personally identifiable information (PII) and financial information of its customers and consumers into an open, publicly-accessible dumpster.
Under the terms of the penalty, American United Mortgage Company must:
Information Security: Laws Require Secure Disposal of Information in All Forms; Using BS 8470:2006 for Compliance
Friday, April 20th, 2007Many information security incidents have occurred through non-technical means by simply and thoughtlessly throwing away printed documents into publicly-accessible trash bins, or even putting computers and sensitive documents out on the streets. I have blogged about this several times, such as here, here, and here.