Brokers have been reminded of the need to keep client information confidential, even when that information is no longer needed and is being disposed. The warning comes with the release of research that found about 10 per cent of businesses dump personal information about clients in publicly accessible rubbish bins.
The research was conducted by the National Association for Information Destruction earlier this year, which used a licensed private investigator to examine the contents of 100 publicly accessible rubbish bins in use by data-sensitive businesses.
NAID says the purpose of the research was to discover the relative percentage of confidential information that might be available on any given day. NAID chief executive Robert Johnson stated that the nine government offices, 10 accounting and 16 financial planning practices examined released no confidential data in their rubbish.
However 40 per cent of bank branches were found to have discarded confidential financial information including an account holder’s information with name, address, credit card number, account balances and credit limits. A quarter of doctor’s offices and a fifth of lawyer’s offices were also found to have disposed of personal information inadequately.
While brokers and insurers seem to have gotten off lightly in the survey Johnson says the random sampling has to be taken into consideration and other professionals should be vigilant as well.
“The main reason professional practices are not disposing of documents securely is that it is not top of mind. It may be that the person hasn’t been properly trained or that they have ignored their training,” Johnson says.
“There is a fair chance that many in the insurance industry would not consider much of their material to require shredding but you would be shocked to know what people can do with people’s personal information they have.”
“On a different day or time of year, our results could have been markedly different,” said Johnson who stated that criminals engaged in identify theft relied on low-tech, untraceable sources of personal information such as those found in rubbish bins.
Under new laws created in late 2012 government agencies and companies can be fined for serious and repeated privacy breaches online, however this law does not extend to organisations that throw that same information in the garbage.