© 2007 The Medical-Legal News
There could be liability lurking in your trash. Improper discarding of personal information and medical records is unwise, and can be a crime under HIPAA, Sarbanes-Oxley or other laws. Whether on paper or on a computer, old data can return to haunt its owners.
A recent investigative report in the St. Louis Post-Dispatch highlighted the dangers of improper data destruction. The newspaper bought several old PCs from dumps in Nigeria, scoured the hard drives and came up with Social Security numbers and other personal information. Much of the data was of school children in Virginia. The hard drive with the Social Security numbers had been for sale in a marketplace.
Why Africa? Lagos, Nigeria receives about 500 freight containers per month of old computers to be discarded. The high-tech dumps are an environmental mess and a hacker’s dream.
The Lexington-Herald Leader reported in late October that a trash “survey” by Kentucky’s attorney general’s office revealed scary statistics: 121 businesses had tossed about 500 records into publicly-accessible receptacles. One-fourth of the records contained personal information, and more than 10 percent of the businesses had dumped information such as Social Security numbers and medical information.
The dumpster diving survey had been done in four large Kentucky cities.
One company that offers electronic data destruction is Argus Connection in Texas at www.argusx.com.
Ask Pat Bemis Next Post:
Details of claims software and the relevance to attorneys and records reviewers