So a customer service rep is sitting at their desk, having a conversation with a client, and for convenience's sake, they print out some client information in order to best help the customer. They do a fantastic job, the client is happy and, all being well, they dispose of the printout in the waste bin by their desk. Companies typically don’t think about how much that last action is likely to cost them.
A very similar incident occurred recently at Rite Aid stores and led to an agreed-upon settlement of $1 million for violations of the Health Insurance Portability and Accountability Act (HIPAA). Seems that several employees were caught on store cameras disposing of prescription bottles that contained private patient data. Not only was Rite Aid fined, but they have to establish a written information security program (WISP) and obtain an audit from a quality third-party professional to ensure the WISP meets settlement standard — get this — every two years for the next 20 years.
The fine seems large, but will pale in comparison to what WISP development and audits will cost them for the next two decades. Moral of the story? Privacy isn’t just for electronic data. Often-overlooked printed documents are carelessly tossed in the trash, giving potential thieves easy access.