We have all heard the wise old saying, ‘One man’s trash is another man’s treasure,’ and potentially we have yet another lesson learned for organizations that are obligated to protect their clients’ personal information.
In this lesson learned from Ohio, three large storage bins were stolen from outside of three different bank branches in three different cities. Each of the three large storage bins contained paper that was waiting to be shredded and at least one of the storage bins contained personal documents of bank customers.
A few questions this incident brings to mind:
- Should personal data be stored outside of buildings?
- Should trash/storage bins be removable?
- Should trash/storage bins be monitored by video cameras?
- How should data waiting to be shredded be handled and secured?
- Does your organization have policies and procedures for data waiting to be shredded?
- Does your organization have an information handling agreement with shredder vendors?
When it comes to protecting customers’ personal information, many other questions come to mind and many risks and issues have been discussed in previous Lessons Learned Blog entries.
Oh! And don’t forget this lesson learned provides yet another ‘red flag’ that should be added to your FACTA Red Flag Rule program and communicated to all appropriate personnel.