These days, what you throw away at your job may leave you more open to liability than what you do for your job. The practice of simply throwing sensitive and confidential information into the trash, though widespread, is illegal.
A recent Texas judgment against CVS Caremark Corp. requires the company to pay $315,000 and overhaul its information security program to settle claims that hundreds of customer records were dumped behind a CVS store.
The attorney general in Indiana recently filed 36 complaints with the state pharmacy board against 18 pharmacies, including CVS and Walgreens Co., and 18 pharmacists for allegedly throwing personal medical information into the trash.
In Kentucky, an investigation by the attorney general's office last fall revealed that 33 companies were illegally dumping private records into the trash. Though charges were not filed, the attorney general's office stated that it was working with the companies to bring them into compliance with the state disposal laws.
In December of last year, American United Mortgage Corp. agreed to pay $50,000 to settle federal charges that it left loan documents with consumers' personal and financial information in and around an unsecured dumpster. The settlement, which was reached with the Federal Trade Commission (FTC), also mandated routine security audits.
In Hawaii, the Fidelity Escrow Services Corp. paid a $10,000 fine for disposing thousands of customer records in a dumpster at a school.
In light of these and other recent lawsuits, its now more important than ever to be wary of how your company disposes of sensitive and confidential information.
With that in mind, here are some examples of what should be destroyed.
Any document which contains confidential material such as designs, proposals, plans, and drafts of such information;
Any document that could be used for the purpose of identity theft such as social security numbers, customer lists, credit applications, tax returns, credit card statements, debit card numbers, applications for jobs, drivers license numbers, employment information, medical records, insurance policy information, legal documents, bank account data, and/or telephone numbers;
Any document that could cause harm in the hands of criminals or competitors such as canceled checks, price lists, business plans, credit card numbers, advertising misprints, contracts, inventory records, invoices, bids & quotations, client lists/files, market research, marketing development, meeting minutes, product proposals, profit & loss statements, confidential letters, financial reports, outdated business records, payroll reports, and/or personnel data;
Any document that is mandated to be protected by laws such as HIPAA, GLB, or FACTA;
Any non-paper item that could cause harm in the hands of criminals such as security uniforms, employee identification cards, product packaging, out of spec products, recalled products, computer discs, compact discs (cd's), dvds, computer tapes, and/or circuit boards.
1300 E 9th St, Suite 1520
Cleveland, OH 44114
Ph: 216-771-2600
Fx: 216-830-8939
