{"id":18005,"date":"2012-12-11T20:18:40","date_gmt":"2012-12-12T01:18:40","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-08-13T21:38:21","modified_gmt":"2021-08-14T01:38:21","slug":"disposal-dummies-cause-privacy-problems","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/disposal-dummies-cause-privacy-problems\/","title":{"rendered":"Disposal Dummies Cause Privacy Problems"},"content":{"rendered":"<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"wp-image-97891 alignleft\" title=\"Disposal Dummies Cause Privacy Problems\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/att-ipad-data-breach-e1563413666683-150x146.jpg?resize=73%2C71&#038;ssl=1\" alt=\"\" width=\"73\" height=\"71\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/att-ipad-data-breach-e1563413666683.jpg?resize=150%2C146&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/att-ipad-data-breach-e1563413666683.jpg?resize=75%2C73&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/att-ipad-data-breach-e1563413666683.jpg?w=331&amp;ssl=1 331w\" sizes=\"auto, (max-width: 73px) 100vw, 73px\" \/>The article <a title=\"Disposal Dummies Cause Privacy Problems\" href=\"http:\/\/www.secureworldexpo.com\/blog\/disposal-dummies-cause-privacy-problems-3\" target=\"_blank\" rel=\"noopener noreferrer\">Disposal Dummies Cause Privacy Problems<\/a>, posted at\u00a0 <a title=\"SecureWorld Post\" href=\"https:\/\/web.archive.org\/web\/20160902215603\/http:\/\/www.secureworldpost.secureworldexpo.com:80\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>SecureWorld Post<\/em><\/a> by Rebecca Herold lays out the <a title=\"Privacy\" href=\"http:\/\/en.wikipedia.org\/wiki\/Privacy\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">privacy<\/a> problems caused by dumb disposal policies. 
The article claims that trash-based breaches are worse than ever.<\/p>\n<p><a href=\"https:\/\/web.archive.org\/web\/20100705092144\/http:\/\/www.capemaycountyherald.com:80\/article\/government\/63231-police+investigating+what+woman+found+while+dumpster+diving\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-97894\" title=\"Disposal Dummies Cause Privacy Problems\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/FE-Freecycling-Erin1-e1563413735553-146x150.jpg?resize=99%2C102&#038;ssl=1\" alt=\"Disposal Dummies Cause Privacy Problems\" width=\"99\" height=\"102\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/FE-Freecycling-Erin1-e1563413735553.jpg?resize=146%2C150&amp;ssl=1 146w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/FE-Freecycling-Erin1-e1563413735553.jpg?resize=73%2C75&amp;ssl=1 73w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/FE-Freecycling-Erin1-e1563413735553.jpg?w=279&amp;ssl=1 279w\" sizes=\"auto, (max-width: 99px) 100vw, 99px\" \/><\/a>The oldest security and privacy problem, unsecured disposal of personal information, is as prevalent today as it was centuries ago, reports the author. 
She says that because of the rapidly growing amount of data (<a title=\"EMC\" href=\"http:\/\/www.emc.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">EMC<\/a> (<a title=\"NYSE : EMC\" href=\"https:\/\/www.businessinsider.com\/dell-emc-deal-2015-10\/\" target=\"_blank\" rel=\"noopener noreferrer\">EMC<\/a>) and <a title=\"International Data Corporation\" href=\"http:\/\/idc.com\" target=\"_blank\" rel=\"homepage noopener noreferrer\">IDC<\/a> <a title=\"World&#039;s Data More Than Doubling Every Two Years\u2014Driving Big Data Opportunity, New IT Roles\" href=\"https:\/\/web.archive.org\/web\/20180521142050\/https:\/\/www.emc.com\/about\/news\/press\/2011\/20110628-01.htm\" target=\"_blank\" rel=\"noopener noreferrer\">claim<\/a> that data is doubling every two years), along with print information, there are even more ways in which disposal-related breaches are occurring. <em>Here are just a few instances I found:<\/em><\/p>\n<ul>\n<li><a title=\"\u2018Confetti\u2019 Dropped During Giants Parade Contained Confidential Information\" href=\"http:\/\/newyork.cbslocal.com\/2012\/02\/08\/report-confetti-dropped-during-giants-parade-contained-confidential-information\/\" target=\"_blank\" rel=\"noopener noreferrer\">\u2018Confetti\u2019 Dropped During Giants Parade Contained Confidential\u00a0Information<\/a><\/li>\n<li><a title=\"School Accidentally Throws Out Books and Student Information\" href=\"https:\/\/web.archive.org\/web\/20120113114728\/http:\/\/www.kionrightnow.com:80\/story\/16481347\/books-student-personal-documents-thrown-in-dumpsters-at-school\" target=\"_blank\" rel=\"noopener noreferrer\">School Accidentally Throws Out Books and Student Information<\/a><\/li>\n<li><a title=\"Dallas convicts no longer shred confidential data \" href=\"https:\/\/web.archive.org\/web\/20120212210028\/http:\/\/www.wfaa.com:80\/news\/national\/After-a-decade-Dallas-convicts-no-longer-shred-confidential-data-135354223.html\" target=\"_blank\" rel=\"noopener 
noreferrer\">Dallas convicts no longer shred confidential data<\/a><\/li>\n<li><a title=\"Auction of Abandoned Storage Unit Contents Continues to Pose Data Security Risk\" href=\"https:\/\/web.archive.org\/web\/20120115075936\/http:\/\/www.timesdaily.com:80\/stories\/Man-unknowingly-buys-medical-records,182269?\" target=\"_blank\" rel=\"noopener noreferrer\">Auction of Abandoned Storage Unit Contents Continues to Pose Data Security Risk<\/a><\/li>\n<li><a title=\"Student Records Found in Field\" href=\"https:\/\/web.archive.org\/web\/20170911181106\/http:\/\/www.naidonline.org\/nitl\/en\/consumer\/news\/369.html\" target=\"_blank\" rel=\"noopener noreferrer\">Student Records Found in Field<\/a><\/li>\n<li><a title=\"Spartanburg County Tax Records Found In Dumpster\" href=\"https:\/\/web.archive.org\/web\/20110916011855\/http:\/\/www2.wspa.com\/news\/community-watchdog\/2010\/jul\/30\/1\/spartanburg-county-tax-records-found-dumpster-ar-644787\/\" target=\"_blank\" rel=\"noopener noreferrer\">Spartanburg County Tax Records Found In Dumpster<\/a><\/li>\n<li>County improperly disposed of documents, told no one<\/li>\n<li>Student information compromised: Intact records found<\/li>\n<\/ul>\n<p>The blog outlines some of the most common and egregious security and privacy mistakes made by information disposal dummies:<\/p>\n<ul>\n<li><a title=\"Trash can\" href=\"https:\/\/caseyorear.wordpress.com\/2011\/03\/08\/how-to-get-your-press-release-in-print-and-out-of-the-trashcan\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright\" style=\"border: 0px none; margin-left: 2px; margin-right: 2px;\" src=\"https:\/\/caseyorear.files.wordpress.com\/2011\/03\/trash-can.jpg?w=300&#038;h=225&#038;fit=300%2C225&#038;resize=92%2C69\" alt=\"Trash can\" width=\"92\" height=\"69\" \/><\/a>Donating print documents with personal information on them to outside groups, like pre-schools and community groups, to use as scrap 
paper.<\/li>\n<li>Selling computers, smartphones, copiers, fax machines, and other computing devices, to recoup some of the investment, but not irreversibly removing the data before the sale.<\/li>\n<li>Putting <a title=\"Data storage device\" href=\"http:\/\/en.wikipedia.org\/wiki\/Data_storage_device\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">digital storage<\/a> devices in the trash without first irreversibly removing the data.<\/li>\n<li>Putting print documents containing personal information into unsecured dumpsters, and not shredding them.<\/li>\n<li>Never throwing away no-longer-needed hard copy and digital devices; letting them accumulate in storage areas, with inadequate or no security, allowing them to be taken by anyone who happens along.<\/li>\n<\/ul>\n<p><a href=\"http:\/\/www.mahablog.com\/2010\/03\/15\/about-a-bill\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-97897 \" title=\"Schoolhouse Rock\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/bill-schoolhouse-rock-e1563413812775-122x150.jpg?resize=103%2C127&#038;ssl=1\" alt=\"\" width=\"103\" height=\"127\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/bill-schoolhouse-rock-e1563413812775.jpg?resize=122%2C150&amp;ssl=1 122w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/bill-schoolhouse-rock-e1563413812775.jpg?resize=61%2C75&amp;ssl=1 61w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/bill-schoolhouse-rock-e1563413812775.jpg?w=146&amp;ssl=1 146w\" sizes=\"auto, (max-width: 103px) 100vw, 103px\" \/><\/a>Data disposal is important because breaches caused by poor disposal activities are getting so bad that the article states there are growing numbers of laws explicitly covering disposal, and bills are being proposed at the state and federal levels. 
The <a title=\"FACTA Disposal Rule Goes into Effect June 1 \" href=\"https:\/\/web.archive.org\/web\/20130801095500\/http:\/\/www.ftc.gov\/opa\/2005\/06\/disposal.shtm\" target=\"_blank\" rel=\"noopener noreferrer\">Disposal Rule<\/a> (part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA)) has been in effect since 2005. The blog says FACTA has many very specific requirements that basically all types of businesses, of all sizes, that do most types of credit checks must follow when disposing of information in all forms.<\/p>\n<p>In Michigan, data destruction requirements are covered in the\u00a0<strong>IDENTITY THEFT PROTECTION ACT<\/strong> MCL <a title=\"445.72a Destruction of data containing personal information required; violation as misdemeanor; fine; compliance; &quot;destroy&quot; defined.\" href=\"https:\/\/www.legislature.mi.gov\/%28S%28c2qc3aahcqy4plentufd2j55%29%29\/printDocument.aspx?objectName=mcl-445-72a&amp;version=txt\" target=\"_blank\" rel=\"noopener noreferrer\">Section <\/a><a title=\"445.72a Destruction of data containing personal information required; violation as misdemeanor; fine; compliance; &quot;destroy&quot; defined.\" href=\"https:\/\/www.legislature.mi.gov\/%28S%28c2qc3aahcqy4plentufd2j55%29%29\/printDocument.aspx?objectName=mcl-445-72a&amp;version=txt\" target=\"_blank\" rel=\"noopener noreferrer\">445.72a<\/a>. 
This section covers the required destruction of data containing personal information, violation as a misdemeanor, the fine, compliance, and the definition of &#8220;destroy&#8221;.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-97899\" title=\"Michigan\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/MICHIGAN.gif?resize=108%2C108&#038;ssl=1\" alt=\"Michigan\" width=\"108\" height=\"108\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/MICHIGAN.gif?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/MICHIGAN.gif?resize=75%2C75&amp;ssl=1 75w\" sizes=\"auto, (max-width: 108px) 100vw, 108px\" \/>Besides the fact that secure information disposal is now a legal requirement for most businesses, it makes sense to dispose of information securely to prevent privacy breaches. By having effective disposal policies, procedures and supporting technologies in place, businesses demonstrate reasonable due diligence.<\/p>\n<p>Ms. Herold argues that all organizations, from the smallest to the largest, need to follow proper information disposal practices or they will experience significant privacy breaches and non-compliance penalties. 
She presents an action plan to get started:<\/p>\n<ul>\n<li>Assign overall responsibility for information security and privacy compliance to a position or department within your organization, which will include responsibility for the disposal of information in all forms.<\/li>\n<li>Perform a disposal risk assessment to find out exactly how your organization really disposes of all types of information.<\/li>\n<li>Create information disposal policies and procedures, or update existing ones, based upon the results of the disposal risk assessment.<\/li>\n<\/ul>\n<p>The policies and procedures need to cover these actions:<\/p>\n<ul>\n<li><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-97902\" title=\"Filingcabinet\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/man-stuffing-filing-cabinet.gif?resize=112%2C120&#038;ssl=1\" alt=\"Filingcabinet\" width=\"112\" height=\"120\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/man-stuffing-filing-cabinet.gif?resize=140%2C150&amp;ssl=1 140w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/man-stuffing-filing-cabinet.gif?resize=70%2C75&amp;ssl=1 70w\" sizes=\"auto, (max-width: 112px) 100vw, 112px\" \/>Locate, inventory, and gather at the end of their business usefulness all types of digital storage devices, including CDs, DVDs, USB drives, external drives, tapes (yes, many organizations still use them), microfiche (yes, these too), and any other type of storage media.<\/li>\n<li>Inventory all types of computing equipment, including not just the \u201ctraditional\u201d computers, but also devices such as printers, fax machines, copiers, smartphones, MP3 devices, and any other types of devices that do computing activities.<\/li>\n<li>Define acceptable shredding methods and locations for paper documents. 
Finely cross-shredding hard copy information is recommended, as well as ensuring any contracted shredding company does such shredding on-site.<\/li>\n<li>Define acceptable methods of irreversibly removing data from computing and digital storage devices. Degaussers are still often used, in addition to contracted services to wipe storage devices clean.<\/li>\n<li>Make sure you include information backups, and all types of information archives, in your disposal procedures. These items are typically overlooked, and many breaches have resulted from such items.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/wp.me\/p2wgaW-Km\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-97904 size-full\" title=\"Data destruction\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/datadestruction.jpg?resize=68%2C101&#038;ssl=1\" alt=\"Data destruction\" width=\"68\" height=\"101\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/datadestruction.jpg?w=68&amp;ssl=1 68w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/datadestruction.jpg?resize=50%2C75&amp;ssl=1 50w\" sizes=\"auto, (max-width: 68px) 100vw, 68px\" \/><\/a>The bottom line for all organizations, the author argues, is: You need to make sure there are proper safeguards for information, computing, and storage devices during the disposal process.<\/p>\n<p>The author concludes with some recommended resources and articles to aid you with improving your own personal and organizational disposal practices:<\/p>\n<ul>\n<li><a title=\"Disposing of Consumer Report Information? 
New Rule Tells How \" href=\"https:\/\/web.archive.org\/web\/20130826180402\/http:\/\/business.ftc.gov\/documents\/alt152-disposing-consumer-report-information-new-rule-tells-how\" target=\"_blank\" rel=\"noopener noreferrer\">Disposal guidance from the Federal Trade Commission<\/a> (<a title=\"Federal Trade Commission\" href=\"http:\/\/www.ftc.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\">FTC<\/a>)<\/li>\n<li><a title=\"If You Don&#039;t Have It, They Can&#039;t Get It \" href=\"https:\/\/web.archive.org\/web\/20221220094638\/https:\/\/ssd.eff.org\/your-computer\/protect\/retention\" target=\"_blank\" rel=\"noopener noreferrer\">Disposal tips from the Electronic Frontier Foundation<\/a> (<a title=\"Electronic Frontier Foundation \" href=\"https:\/\/www.eff.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">EFF<\/a>)<\/li>\n<li><a title=\"Developing a Defensible Disposal Strategy\" href=\"https:\/\/public.dhe.ibm.com\/software\/data\/sw-library\/ecm-programs\/Developing_a_defensible_strategy.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Developing a Defensible Disposal Strategy<\/a> (PDF) (<a title=\"IBM\" href=\"http:\/\/www.ibm.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">IBM<\/a> (<a title=\"NYSE : IBM\" href=\"https:\/\/www.nyse.com\/quote\/XNYS:IBM\" target=\"_blank\" rel=\"noopener noreferrer\">IBM<\/a>))<\/li>\n<li><a title=\"Drowning in Data? Disposing of Unneeded Content with Confidence\" href=\"https:\/\/public.dhe.ibm.com\/software\/data\/sw-library\/ecm-programs\/PSS_Drowning_Data.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Drowning in Data? 
Disposing of Unneeded Content with Confidence<\/a> (IBM)<\/li>\n<\/ul>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"https:\/\/web.archive.org\/web\/20170315000920\/http:\/\/www.misco.co.uk\/blog\/news\/00318\/employees-fret-over-byod-related-privacy-issues\/\" target=\"_blank\" rel=\"noopener noreferrer\">Employees Fret Over BYOD-Related Privacy Issues<\/a> (misco.co.uk)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. 
Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Poor disposal activities for data and devices are getting so bad that there are growing numbers of laws covering disposal to prevent privacy breaches<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[2197,1467,1826,322,104,1096,124,951,185,4],"class_list":["post-18005","post","type-post","status-publish","format-standard","hentry","category-security","tag-2197","tag-cipa","tag-disposal","tag-emc","tag-facebook","tag-fb","tag-paper","tag-pii","tag-privacy","tag-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/18005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=18005"}],"version-history":[{"count":28,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/18005\/revisions"}],"predecessor-version":[{"id":132802,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/18005\/revisions\/132802"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=18005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=18005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=18005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}