The branch that you searched for does not have a page in your preferred language. Would you like to visit the branch page on the #CODE# site?
As the world leader in paper shredding, we ensure your documents are securely destroyed.
Hard drives could cost you millions in a data breach. Physically destroy your electronic data.
Get A Quote
Back To Information Security Resources
In this issue, we will discuss how implementing and enforcing document security protocols can help an organization maintain trust with both internal and external stakeholders
Reputation is an important asset - a powerful, yet intangible and fragile one that serves as a magnet, attracting attention and often new business. While most businesses work hard to build and maintain a positive reputation with stakeholders, many underestimate how severely a data breach could undermine these efforts, potentially causing the public to lose trust in the organization and long-term damage to the brand. With this in mind, the protection of business, employee and customer information should be of vital concern to all organizations.
Download PDF Version
Albert Park Family Medical Centre case study1
In July 2011, the medical records of 2,682 patients were found in a recycling bin nearby a doctors’ office in Regina, Saskatchewan. According to Gary Dickson, Saskatchewan’s Privacy Commissioner, the doctor responsible for the records was Dr. Teik Im Ooi from the Albert Park Family Medical Centre. A resulting investigation found Dr. Im Ooi at fault for poor record-keeping practices, because her records were not properly marked nor were they stored in a secure location.
A total of 150 boxes of patient records were moved from the doctor’s office to the basement of a shopping centre where they were kept in an unsecured storage area. Not only were the records unmarked and kept in an unsecure location – the doctor’s office also did not keep track of them. Twenty-five boxes were put into recycling bins and contained medical information such as visitation history and lab test results, while the remaining 125 boxes were not located.
This breach of privacy made headlines as yet another example of the lack of implementation of proper document security protocols. The Privacy Commissioner said that this case was the “largest breach of patient privacy” since Saskatchewan enacted the Health Information Protection Act in 2005. He also admitted that the case “was not a momentary lapse of judgment”, but was the result of years of neglect and oversight and therefore worthy of prosecution.
It may be shocking that in today’s privacy-conscious climate that documents are still being disposed of carelessly. This newsletter sheds light on the lack of understanding present among many employees around the importance of document destruction and the need to instill regulated practices to protect information security. According to the Ponemon Institute, 41 per cent of data breaches occur as a result of negligence, making it the leading cause2 . This Saskatchewan incident, like many others, brought negative attention and scrutiny to the offending organization, with police investigations and media coverage, all of which could have been prevented with greater employee awareness and/or increased regulation around information security.
Implementing proper document destruction protocols that are understood and adhered to by all employees is essential in protecting against identity theft and the reputational damage that can result from a security breach. Yet the results from the 2012 Shred-it Information Security Tracker show that regardless of size, organizations are not doing enough to make document security part of their business culture. In particular, only 52 per cent of small businesses have an employee responsible for managing data security issues and just 55 per cent have developed document security protocols.
However, while large businesses are more likely to put document security procedures in place, they are not faring any better than smaller organizations when it comes to employee awareness of information security protocols. The survey found that while a majority (93 per cent) of large businesses have an employee that handles information security, and 92 per cent have a document security protocol, only 40 per cent have a system that is strictly adhered to by all employees. Comparatively, 43 per cent of small businesses have a protocol that all employees are aware of, even though far fewer of them have implemented a document security policy.
Theft can occur when employees leave documents or electronic devices, like old computers or memory sticks, exposed or throw them in the recycling bin or garbage. Fraudsters have become increasingly determined and will retrieve confidential data through means such as dumpster diving or hacking wiped hard drives. This means that companies needs to make sure that not only are they safely storing data, but that they are educating their employees on how best to securely dispose of it as well.
With identity theft and security breaches making headlines regularly, consumers are keenly aware of how easily personal information can be compromised and have the expectation that the organizations entrusted with their information are taking proactive measures to protect their confidential data.
The bulk of data breaches, whether malicious or accidental, happen internally within an organization. As such, an information security policy is only as strong as the employees that adhere to it. As fraud and identity theft continue to be a reality in today’s business world, it is crucial for organizations to take proactive measures against these threats in order to maintain stakeholder trust.
When assessing whether it has effectively cultivated a culture of security within the organization, a business should ask itself the following questions:
If employees fail to understand the importance of following document security protocols, businesses are putting themselves and their customers at risk of identity theft. It is the responsibility of every organization, large and small, to take proactive steps to ensure that client and company information is adequately safeguarded. In doing so, a business protects not only its clients but also its reputation.
Shred-it has developed a survey to help businesses better understand security gaps. Conduct your own security self-assessment.
To learn more about Shred-it services or to book your FREE security assessment visit www.shredit.com.
You can also visit Shred-it on Facebook and LinkedIn or follow us on Twitter at @Shredit.
Stay informed with the latest in information security news and promotions.
Fill out the form or call 888.750.6450 to start protecting your business today!