ID theft a risk for employees after improper document disposal
Aug 31, 2013 Dave King
Simple missteps by organizations that handle personal information can lead to significant identity theft risks, as evidenced by the countless stories that hit the mass media every day. Businesses need to become more responsible when managing any type of data that could be used to steal identities, while consistently adhering to the best practices of ID verification as well.
ID verification protocols should be carried out in the beginning of transactions or during the collection of personal information, then records management policies should come into play that ensure legal and secure storage and destruction of the documents at decided-upon times. The disposal or destruction of records - both digital and physical - has been among the largest pressure points in recent years.
One mistake, hundreds effected
KSHB 41 Action News, a Kansas-based NBC affiliate, recently reported that a box of employee records was found in a dumpster in Merriam this week. While documents should be shredded or destroyed before disposal, especially when the paperwork includes personal information, this was not done by the company in question, Washington Inventory Service.
According to the news provider, a coupon collector stumbled upon the documents when looking for a coupon in a public magazine and newspaper recycling bin. This was unsettling for many, as one of the most well-known tactics that identity thieves use to steal personal information is digging through garbage and recycling bins in residential and commercial areas. Now, hundreds of employees are at risk of identity theft.
"I noticed files in the dumpsters, and I took a look at the files and I noticed social security numbers and driving records," the man told the source. "If that were my information, I would expect that that would be shredded and disposed of properly, not thrown in a recycle dumpster or any other kind of dumpster."
Action News added that one employee first stated it was okay to dispose the files where they did because it was a private bin, then realized the mistake and said it was an accident.
Digital, physical files in question
Regardless of how tight ID verification standards are, mistakes such as this one can thwart even the most secure environments. Records management policies should include components related to the storage of sensitive information, and should always incorporate shredding policies for when the records need to be destroyed or disposed of, regardless of format.